openssl: don't allow certificates outside the validity period
This commit is contained in:
parent
c53b6ef2cc
commit
d6acb43769
1 changed files with 1 additions and 3 deletions
|
@ -778,9 +778,7 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
|||
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
|
||||
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
|
||||
res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
|
||||
res == X509_V_ERR_CERT_UNTRUSTED ||
|
||||
res == X509_V_ERR_CERT_NOT_YET_VALID ||
|
||||
res == X509_V_ERR_CERT_HAS_EXPIRED)
|
||||
res == X509_V_ERR_CERT_UNTRUSTED)
|
||||
{
|
||||
unsigned int len = make_certfp(cert, certfp, method);
|
||||
X509_free(cert);
|
||||
|
|
Loading…
Reference in a new issue