9pfs/solanum-vs-hackint-and-charybdis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

openssl: don't allow certificates outside the validity period

Browse source
This commit is contained in:
Simon Arlott 2016-04-27 22:03:49 +01:00
parent c53b6ef2cc
commit d6acb43769
No known key found for this signature in database
GPG key ID: C8975F2043CA5D24
1 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
librb/src/openssl.c
View file

@ -778,9 +778,7 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
res == X509_V_ERR_CERT_UNTRUSTED ||
res == X509_V_ERR_CERT_NOT_YET_VALID ||
res == X509_V_ERR_CERT_HAS_EXPIRED)
res == X509_V_ERR_CERT_UNTRUSTED)
{
unsigned int len = make_certfp(cert, certfp, method);
X509_free(cert);