deal with crls being expired / not-yet-valid.

if a crl is expired or not-yet-valid SSL_get_verify_result()
will return these errors too so check for them explicitly
instead of depending on X509_V_OK.

found by @dacechavez
Joris Vink 2019-01-19 11:49:54 +01:00
parent d1e87c1a54
commit 3f083d6126
1 changed files with 6 additions and 1 deletions

@ -306,7 +306,12 @@ kore_connection_handle(struct connection *c)
}
r = SSL_get_verify_result(c->ssl);
if (r != X509_V_OK) {
switch (r) {
case X509_V_OK:
case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_CRL_HAS_EXPIRED:
break;
default:
kore_debug("SSL_get_verify_result(): %d, %s",
r, ssl_errno_s);
return (KORE_RESULT_ERROR);
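
Review bot: the `case X509_V_ERR_CRL_NOT_YET_VALID:` and `case X509_V_ERR_CRL_HAS_EXPIRED:` labels share the `break` with `case X509_V_OK:`, so a connection whose CRL is outside its validity window takes the same path as a clean verification result, with no log line and no comment explaining why. The commit message says these results should be checked explicitly but does not say what should happen to the connection, and a reader of this hunk cannot tell whether continuing is intended or where the stale CRL is otherwise handled. Please add a short comment above the two CRL cases stating the intent, and consider giving them their own branch that logs the result through `kore_debug()` before the `break`, as the `default:` arm already does, so that an expired or not-yet-valid CRL is visible to whoever operates the server.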