Add a comment about gnutls date bits in certstat.

It's easy to miss the call disabling date checking and wonder why the
certstat bits are not set.

diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c
index 039ae296991ff1711220b725fc879f8fba4a109a..bc9460d9a07e3ede9f91b8853b96050e0a67235b 100644 (file)
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -707,6 +707,10 @@ static int tls_check_preauth (const gnutls_datum_t *certdata,
     return -1;
   }
 
+  /* Note: tls_negotiate() contains a call to
+   * gnutls_certificate_set_verify_flags() with a flag disabling
+   * GnuTLS checking of the dates.  So certstat shouldn't have the
+   * GNUTLS_CERT_EXPIRED and GNUTLS_CERT_NOT_ACTIVATED bits set. */
   if (option (OPTSSLVERIFYDATES) != MUTT_NO)
   {
     if (gnutls_x509_crt_get_expiration_time (cert) < time(NULL))