We close a connection to a relay whose time is more than an hour in the future
#4370 (moved) is about warnings about scary times. Those are worrying to users but not actually harmful. The real problem is that we declare the cert invalid and close the connection if the relay we're talking to is 61 minutes in the future. That's new (and much too strict) behavior.
The previous behavior was to not care about the clock the other guy claims to have, so long as he talks the Tor protocol. Things will likely go poorly if he's more than a week or two out of date (e.g. since somebody's onion key will probably be wrong now), but that's no reason to give up without trying.
In fact, I think log_cert_lifetime() and tor_tls_check_lifetime() are in 0.2.2.x but never called?
So what do we give up by not checking the time on certs in 0.2.3.x either? The cert is valid for a whole year, so I'm not sure what attacks we resolve by being this precise. (If we still want to check if it's past the one year mark, I wouldn't object.)
Pointed out by "bastik_tor".