Commit 14b0178d authored by Kevin J. McCarthy's avatar Kevin J. McCarthy

Add a comment about gnutls date bits in certstat.

It's easy to miss the call disabling date checking and wonder why the
certstat bits are not set.
parent d6581efc
Pipeline #32595362 passed with stages
in 14 minutes and 23 seconds
......@@ -707,6 +707,10 @@ static int tls_check_preauth (const gnutls_datum_t *certdata,
return -1;
}
/* Note: tls_negotiate() contains a call to
* gnutls_certificate_set_verify_flags() with a flag disabling
* GnuTLS checking of the dates. So certstat shouldn't have the
* GNUTLS_CERT_EXPIRED and GNUTLS_CERT_NOT_ACTIVATED bits set. */
if (option (OPTSSLVERIFYDATES) != MUTT_NO)
{
if (gnutls_x509_crt_get_expiration_time (cert) < time(NULL))
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment