authorDaniel Stenberg <daniel@haxx.se>2007-07-10 21:36:30 +0000
committerDaniel Stenberg <daniel@haxx.se>2007-07-10 21:36:30 +0000
commit4b1782c37141b82aa118eaf05061bb9ba1759700 (patch)
tree2ae4d54b8206e7297420535767052e527731c2f1 /lib
parentf84642197f618836bd371688fcfbb59e60902bc2 (diff)
7.16.4 preps
Diffstat (limited to 'lib')
-rw-r--r--lib/gtls.c37
1 files changed, 37 insertions, 0 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index 0e100c621..a84128e3e 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -420,6 +420,43 @@ Curl_gtls_connect(struct connectdata *conn,
else
infof(data, "\t common name: %s (matched)\n", certbuf);
+ /* Check for time-based validity */
+ clock = gnutls_x509_crt_get_expiration_time(x509_cert);
+
+ if(clock == (time_t)-1) {
+ failf(data, "server cert expiration date verify failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(clock < time(NULL)) {
+ if (data->set.ssl.verifypeer) {
+ failf(data, "server certificate expiration date has passed.");
+ return CURLE_SSL_PEER_CERTIFICATE;
+ }
+ else
+ infof(data, "\t server certificate expiration date FAILED\n");
+ }
+ else
+ infof(data, "\t server certificate expiration date OK\n");
+
+ clock = gnutls_x509_crt_get_activation_time(x509_cert);
+
+ if(clock == (time_t)-1) {
+ failf(data, "server cert activation date verify failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(clock > time(NULL)) {
+ if (data->set.ssl.verifypeer) {
+ failf(data, "server certificate not activated yet.");
+ return CURLE_SSL_PEER_CERTIFICATE;
+ }
+ else
+ infof(data, "\t server certificate activation date FAILED\n");
+ }
+ else
+ infof(data, "\t server certificate activation date OK\n");
+
/* Show:
- ciphers used
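Review bot: The two `clock == (time_t)-1` branches return CURLE_SSL_CONNECT_ERROR without consulting `data->set.ssl.verifypeer`, while the expired and not-yet-activated branches directly below them honour it. A certificate whose dates cannot be read therefore aborts the connection even when the caller has disabled peer verification, and it reports a different error code than the other date failures (CURLE_SSL_PEER_CERTIFICATE). Gating the unreadable-date case the same way, and chaining the comparison with `else if`, also prevents a `-1` value from falling through to the "activation date OK" message. Separately, the local `clock` (declared outside this hunk) has the same name as the `<time.h>` function, so a name such as `certclock` would avoid the shadowing; Curl_gtls_connect's body starts and ends outside the hunk.

```c
  if(clock == (time_t)-1) {
    if(data->set.ssl.verifypeer) {
      /* … unchanged: failf() and return CURLE_SSL_CONNECT_ERROR … */
    }
    else
      infof(data, "\t server certificate expiration date verify FAILED\n");
  }
  else if(clock < time(NULL)) {
    /* … unchanged: expired-certificate handling … */
  }
  /* … unchanged: "expiration date OK" branch; same shape for the activation check … */
```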