From f7a7d667da23db5c834d5149e75eb89d3b03af4b Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Tue, 30 Jun 2009 18:02:38 +0000
Subject: Allow openpgp certificates that have infinite expiration time. Suggestion by MattLoar at http://issues.outoforder.cc/view.php?id=96.

---
(limited to 'src/gnutls_hooks.c')

diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index e671a60..9ac17a0 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1109,11 +1109,13 @@ static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt)
 	expired = 1;
     }
 
-    if (expiration_time < cur_time) {
-	ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+    if (gnutls_certificate_type_get( ctxt->session) != GNUTLS_CRT_OPENPGP || expiration_time != 0) {
+        if (expiration_time < cur_time) {
+	    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
 		      "GnuTLS: Failed to Verify Peer: "
 		      "Peer Certificate is expired.");
-	expired = 1;
+            expired = 1;
+        }
     }
 
     if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
--
cgit v0.9.2