openssl: don't allow certificates outside the validity period

This commit is contained in:
Simon Arlott 2016-04-27 22:03:49 +01:00
parent c53b6ef2cc
commit d6acb43769
No known key found for this signature in database
GPG key ID: C8975F2043CA5D24

View file

@ -778,9 +778,7 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
res == X509_V_ERR_CERT_UNTRUSTED ||
res == X509_V_ERR_CERT_NOT_YET_VALID ||
res == X509_V_ERR_CERT_HAS_EXPIRED)
res == X509_V_ERR_CERT_UNTRUSTED)
{
unsigned int len = make_certfp(cert, certfp, method);
X509_free(cert);