warn if loaded local certificate is invalid
parent
909c0c3d63
commit
bf1e0df7c5
|
@ -765,7 +765,7 @@ static void unshare_connection_strings(connection_t *c)
|
|||
|
||||
static void load_end_certificate(char *filename, struct end *dst)
|
||||
{
|
||||
time_t valid_until;
|
||||
time_t notBefore, notAfter;
|
||||
cert_t *cert = NULL;
|
||||
certificate_t *certificate;
|
||||
bool cached_cert = FALSE;
|
||||
|
@ -810,15 +810,17 @@ static void load_end_certificate(char *filename, struct end *dst)
|
|||
}
|
||||
else
|
||||
{
|
||||
if (!certificate->get_validity(certificate, NULL, NULL, &valid_until))
|
||||
if (!certificate->get_validity(certificate, NULL, ¬Before, ¬After))
|
||||
{
|
||||
plog("certificate is invalid (valid from %T to %T)",
|
||||
¬Before, FALSE, ¬After, FALSE);
|
||||
cert_free(cert);
|
||||
return;
|
||||
}
|
||||
DBG(DBG_CONTROL,
|
||||
DBG_log("certificate is valid")
|
||||
)
|
||||
add_public_key_from_cert(cert, valid_until, DAL_LOCAL);
|
||||
add_public_key_from_cert(cert, notAfter, DAL_LOCAL);
|
||||
dst->cert = cert_add(cert);
|
||||
}
|
||||
certificate = dst->cert->cert;
|
||||
|
|
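Review bot: The new `plog` in the `get_validity` failure branch reports the validity window but not which certificate was rejected, so on a host that loads several end certificates the line cannot be tied to a file unless an earlier message outside this hunk already names it. `filename` is in scope as the function's first parameter, so the call could read `plog("certificate '%s' is invalid (valid from %T to %T)", filename, &notBefore, FALSE, &notAfter, FALSE);` (the page renders `&not…` as `¬…`). Both times are passed to `%T` with `FALSE`, which appears to select local time; since clock or time-zone skew is a common reason for a certificate being reported as not yet valid, printing them in UTC (`TRUE`) would match the X.509 encoding and be easier to correlate across hosts. The function body begins and ends outside the hunk, so what the caller does with an unset `dst->cert` after the early `return` cannot be checked from here.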