Changeset 7fec961 in mod_gnutls for src/gnutls_hooks.c
- Timestamp:
- Jul 2, 2010, 9:15:52 AM (11 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, msva, proxy-ticket, upstream
- Children:
- 368b574
- Parents:
- bca274d
- File:
-
- 1 edited
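--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1044,5 +1044,5 @@
 {
 const gnutls_datum_t *cert_list;
-unsigned int cert_list_size, status , expired;
+unsigned int cert_list_size, status;
 int rv = GNUTLS_E_NO_CERTIFICATE_FOUND, ret;
 unsigned int ch_size = 0;
@@ -1051,5 +1051,5 @@
 gnutls_openpgp_crt_t pgp;
 } cert;
-apr_time_t activation_time,expiration_time, cur_time;
+apr_time_t expiration_time, cur_time;
 
 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
@@ -1117,6 +1117,4 @@
 apr_time_ansi_put(&expiration_time,
 gnutls_x509_crt_get_expiration_time(cert.x509[0]));
-apr_time_ansi_put(&activation_time,
-gnutls_x509_crt_get_activation_time(cert.x509[0]));
 
 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
@@ -1128,6 +1126,4 @@
 apr_time_ansi_put(&expiration_time,
 gnutls_openpgp_crt_get_expiration_time(cert.pgp));
-apr_time_ansi_put(&activation_time,
-gnutls_openpgp_crt_get_creation_time(cert.pgp));
 
 rv = gnutls_openpgp_crt_verify_ring(cert.pgp, ctxt->sc->pgp_list,
@@ -1151,21 +1147,5 @@
 /* ret = gnutls_x509_crt_check_revocation(crt, crl_list, crl_list_size); */
 
-expired = 0;
 cur_time = apr_time_now();
-if (activation_time > cur_time) {
-ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-"GnuTLS: Failed to Verify Peer: "
-"Peer Certificate is not yet activated.");
-expired = 1;
-}
-
-if (gnutls_certificate_type_get( ctxt->session) != GNUTLS_CRT_OPENPGP || expiration_time != 0) {
-if (expiration_time < cur_time) {
-ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-"GnuTLS: Failed to Verify Peer: "
-"Peer Certificate is expired.");
-expired = 1;
-}
-}
 
 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
@@ -1177,4 +1157,14 @@
 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
 "GnuTLS: Peer's Certificate signer is not a CA");
+}
+
+if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
+ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+"GnuTLS: Peer's Certificate is using insecure algorithms");
+}
+
+if (status & GNUTLS_CERT_EXPIRED || status & GNUTLS_CERT_NOT_ACTIVATED) {
+ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+"GnuTLS: Peer's Certificate signer is expired or not yet activated");
 }
 
@@ -1203,5 +1193,5 @@
 }
 
-if (status == 0 && expired == 0) {
+if (status == 0) {
 apr_table_setn(r->subprocess_env, "SSL_CLIENT_VERIFY", "SUCCESS");
 ret = OK;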
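Review bot: The last hunk leaves `if (status == 0)` as the only gate for `SSL_CLIENT_VERIFY=SUCCESS`, so an expired or not-yet-valid peer certificate is now rejected only if the verification call itself sets `GNUTLS_CERT_EXPIRED` / `GNUTLS_CERT_NOT_ACTIVATED` in `status`. Most of the verify calls lie outside the visible hunks, so this needs confirming for both certificate types: `gnutls_openpgp_crt_verify_ring` in the OpenPGP branch may not report key expiry at all, and older GnuTLS releases may not do time checks during X.509 chain verification. If either path can leave those bits unset, keep an explicit check that feeds the same gate, for example `if (expiration_time != 0 && expiration_time < cur_time) status |= GNUTLS_CERT_EXPIRED;` right after `cur_time = apr_time_now();`, rather than dropping the time comparison entirely. Separately, the new log text says the "signer" is expired, while the flags tested appear to describe the certificate being verified; `"GnuTLS: Peer's Certificate is expired or not yet activated"` would be less misleading to whoever triages the log, and splitting the two conditions would keep the detail the removed messages had.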