issue error message for expired certificates in OCSP trust chain checking

Andreas Steffen 2009-11-24 12:37:38 +01:00
parent 227583ba59
commit c4570d188e
1 changed files with 5 additions and 1 deletions


@ -998,6 +998,7 @@ static bool valid_ocsp_response(response_t *res)
identification_t *subject = certificate->get_subject(certificate);
identification_t *issuer = certificate->get_issuer(certificate);
chunk_t authKeyID = x509->get_authKeyIdentifier(x509);
time_t not_before, not_after;
DBG(DBG_CONTROL,
DBG_log("subject: '%Y'", subject);
@ -1008,8 +1009,11 @@ static bool valid_ocsp_response(response_t *res)
}
)
if (!certificate->get_validity(certificate, NULL, NULL, NULL))
if (!certificate->get_validity(certificate, NULL, &not_before, &not_after))
{
plog("certificate is invalid (valid from %T to %T)",
&not_before, FALSE, &not_after, FALSE);
unlock_authcert_list("valid_ocsp_response");
return FALSE;
}
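Review bot: The new plog() call reports the validity window but not which certificate failed the check. The subject is only printed inside the DBG(DBG_CONTROL, ...) block above, so unless control debugging is enabled an operator sees an OCSP response rejected without knowing which certificate in the trust chain to renew. Consider `plog("certificate '%Y' is invalid (valid from %T to %T)", subject, &not_before, FALSE, &not_after, FALSE);`. Separately, `not_before` and `not_after` are declared without initializers and read on the failure path. That is safe only if get_validity() always writes both outputs before returning FALSE, which is not visible here, so `time_t not_before = 0, not_after = 0;` would be a cheap guard. The body of valid_ocsp_response starts and ends outside the hunks shown.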