issue error message for expired certificates in OCSP trust chain checking
parent
227583ba59
commit
c4570d188e
|
@ -998,6 +998,7 @@ static bool valid_ocsp_response(response_t *res)
|
|||
identification_t *subject = certificate->get_subject(certificate);
|
||||
identification_t *issuer = certificate->get_issuer(certificate);
|
||||
chunk_t authKeyID = x509->get_authKeyIdentifier(x509);
|
||||
time_t not_before, not_after;
|
||||
|
||||
DBG(DBG_CONTROL,
|
||||
DBG_log("subject: '%Y'", subject);
|
||||
|
@ -1008,8 +1009,11 @@ static bool valid_ocsp_response(response_t *res)
|
|||
}
|
||||
)
|
||||
|
||||
if (!certificate->get_validity(certificate, NULL, NULL, NULL))
|
||||
if (!certificate->get_validity(certificate, NULL, ¬_before, ¬_after))
|
||||
{
|
||||
plog("certificate is invalid (valid from %T to %T)",
|
||||
¬_before, FALSE, ¬_after, FALSE);
|
||||
|
||||
unlock_authcert_list("valid_ocsp_response");
|
||||
return FALSE;
|
||||
}
|
||||
|
|
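Review bot: The new `plog` message in the second hunk does not name the certificate that failed the validity check. The subject is only printed inside the `DBG(DBG_CONTROL, ...)` block shown in the first hunk, so unless control debugging is enabled, the log will not show which certificate in the OCSP trust chain is outside its validity window. `subject` is already in scope, so the call could read `plog("certificate '%Y' is invalid (valid from %T to %T)", subject, &not_before, FALSE, &not_after, FALSE);`. The page shows `¬_before` and `¬_after` where the file presumably has `&not_before` and `&not_after`; this looks like an entity-decoding artifact of the rendering, not a defect in the commit. `valid_ocsp_response` starts and ends outside the visible hunks.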