The test here:
https://dev.gnupg.org/source/libksba/browse/master/src/cms.c;af99234b21c98ad1a4eaf2b72fb52de67beba9d3$2513
is invalid because the certlist->signing_time is array and thus the test is always true. But probably the check should be for non-empty certlist->signing_time meaning the test should be certlist->signing_time[0] != '\0'