summaryrefslogtreecommitdiffstatsabout
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2009-06-30 18:02:38 (GMT)
committer Nokis Mavrogiannopoulos <nmav@gnutls.org>2009-06-30 18:02:38 (GMT)
commitf7a7d667da23db5c834d5149e75eb89d3b03af4b (patch)
treecc5b3e409b00da3b2c836068981629e38143ddb3
parent7e67487c0ab67eca34b0945f0d92365773cab9c4 (diff)
Allow openpgp certificates that have infinite expiration time. Suggestion by MattLoar at http://issues.outoforder.cc/view.php?id=96.
-rw-r--r--src/gnutls_hooks.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index e671a60..9ac17a0 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1109,11 +1109,13 @@ static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt)
1109 expired = 1; 1109 expired = 1;
1110 } 1110 }
1111 1111
1112 if (expiration_time < cur_time) { 1112 if (gnutls_certificate_type_get( ctxt->session) != GNUTLS_CRT_OPENPGP || expiration_time != 0) {
1113 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 1113 if (expiration_time < cur_time) {
1114 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
1114 "GnuTLS: Failed to Verify Peer: " 1115 "GnuTLS: Failed to Verify Peer: "
1115 "Peer Certificate is expired."); 1116 "Peer Certificate is expired.");
1116 expired = 1; 1117 expired = 1;
1118 }
1117 } 1119 }
1118 1120
1119 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) { 1121 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {