Abort GnuTLS certificate check if a cert in the chain is rejected.
GnuTLS is not checking dates because we disabled that in tls_negotiate(). So if we don't do this, rejecting an expired intermediate cert will have no effect. Certstat won't contain an expiration error, and tls_check_preauth() will only look at each subsequent cert in the chain's dates.
Showing with 5 additions and 1 deletion