From 3a6321c9117950817d01cba3bd4201334a6ab70a Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Tue, 30 Jun 2009 18:02:38 +0000 Subject: Allow openpgp certificates that have infinite expiration time. Suggestion by MattLoar at http://issues.outoforder.cc/view.php?id=96. --- src/gnutls_hooks.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index e671a60..9ac17a0 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c @@ -1109,11 +1109,13 @@ static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt) expired = 1; } - if (expiration_time < cur_time) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + if (gnutls_certificate_type_get( ctxt->session) != GNUTLS_CRT_OPENPGP || expiration_time != 0) { + if (expiration_time < cur_time) { + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "GnuTLS: Failed to Verify Peer: " "Peer Certificate is expired."); - expired = 1; + expired = 1; + } } if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) { -- cgit