author | Daniel Stenberg <daniel@haxx.se> | 2007-07-10 21:36:30 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2007-07-10 21:36:30 +0000 |
commit | 4b1782c37141b82aa118eaf05061bb9ba1759700 (patch) | |
tree | 2ae4d54b8206e7297420535767052e527731c2f1 /lib | |
parent | f84642197f618836bd371688fcfbb59e60902bc2 (diff) |
7.16.4 preps
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gtls.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index 0e100c621..a84128e3e 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -420,6 +420,43 @@ Curl_gtls_connect(struct connectdata *conn,
 else
 infof(data, "\t common name: %s (matched)\n", certbuf);
+ /* Check for time-based validity */
+ clock = gnutls_x509_crt_get_expiration_time(x509_cert);
+
+ if(clock == (time_t)-1) {
+ failf(data, "server cert expiration date verify failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(clock < time(NULL)) {
+ if (data->set.ssl.verifypeer) {
+ failf(data, "server certificate expiration date has passed.");
+ return CURLE_SSL_PEER_CERTIFICATE;
+ }
+ else
+ infof(data, "\t server certificate expiration date FAILED\n");
+ }
+ else
+ infof(data, "\t server certificate expiration date OK\n");
+
+ clock = gnutls_x509_crt_get_activation_time(x509_cert);
+
+ if(clock == (time_t)-1) {
+ failf(data, "server cert activation date verify failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(clock > time(NULL)) {
+ if (data->set.ssl.verifypeer) {
+ failf(data, "server certificate not activated yet.");
+ return CURLE_SSL_PEER_CERTIFICATE;
+ }
+ else
+ infof(data, "\t server certificate activation date FAILED\n");
+ }
+ else
+ infof(data, "\t server certificate activation date OK\n");
+
 /* Show: - ciphers used |
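Review bot: The four new `return` statements leave Curl_gtls_connect while `x509_cert` is still live; if this function initialised it earlier (the setup is outside the hunk, so this needs confirming), each path should call `gnutls_x509_crt_deinit(x509_cert);` before returning. The two `(time_t)-1` branches also abort the connection even when `data->set.ssl.verifypeer` is off, whereas a certificate that is actually expired or not yet valid is only logged in that mode; gating them on verifypeer like the other branches would keep the policy consistent. The local is named `clock`, which shadows the standard `clock()` function from `<time.h>`; a name such as `certclock` avoids that. The function body starts and ends outside the hunk.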