gnutls: ignore invalid certificate dates with VERIFYPEER disabled (baf8b57b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

RELEASE-NOTES

+1 −0

Original line number	Diff line number	Diff line
		@@ -38,6 +38,7 @@ This release includes the following bugfixes:
		o nss: make the fallback to SSLv3 work again
		o tool: prevent valgrind from reporting possibly lost memory (nss only)
		o nss: fix a memory leak when CURLOPT_CRLFILE is used
		o gnutls: ignore invalid certificate dates with VERIFYPEER disabled
		o

		This release includes the following known bugs:

+30 −20

Original line number	Diff line number	Diff line
		@@ -789,10 +789,14 @@ gtls_connect_step3(struct connectdata *conn,
		certclock = gnutls_x509_crt_get_expiration_time(x509_cert);

		if(certclock == (time_t)-1) {
		if(data->set.ssl.verifypeer) {
		failf(data, "server cert expiration date verify failed");
		return CURLE_SSL_CONNECT_ERROR;
		}

		else
		infof(data, "\t server certificate expiration date verify FAILED\n");
		}
		else {
		if(certclock < time(NULL)) {
		if(data->set.ssl.verifypeer) {
		failf(data, "server certificate expiration date has passed.");
		@@ -803,14 +807,19 @@ gtls_connect_step3(struct connectdata *conn,
		}
		else
		infof(data, "\t server certificate expiration date OK\n");
		}

		certclock = gnutls_x509_crt_get_activation_time(x509_cert);

		if(certclock == (time_t)-1) {
		if(data->set.ssl.verifypeer) {
		failf(data, "server cert activation date verify failed");
		return CURLE_SSL_CONNECT_ERROR;
		}

		else
		infof(data, "\t server certificate activation date verify FAILED\n");
		}
		else {
		if(certclock > time(NULL)) {
		if(data->set.ssl.verifypeer) {
		failf(data, "server certificate not activated yet.");
		@@ -821,6 +830,7 @@ gtls_connect_step3(struct connectdata *conn,
		}
		else
		infof(data, "\t server certificate activation date OK\n");
		}

		/* Show: