Disable checking certificate activation/expiration times in gnutls as we do the check...

author Miroslav Lichvar <mlichvar@redhat.com>

Sun, 7 Jun 2009 06:14:37 +0000 (08:14 +0200)

committer Miroslav Lichvar <mlichvar@redhat.com>

Sun, 7 Jun 2009 06:14:37 +0000 (08:14 +0200)
author Miroslav Lichvar <mlichvar@redhat.com>
Sun, 7 Jun 2009 06:14:37 +0000 (08:14 +0200)
committer Miroslav Lichvar <mlichvar@redhat.com>
Sun, 7 Jun 2009 06:14:37 +0000 (08:14 +0200)
diff --git a/configure.ac b/configure.ac

index 1aace831fd3847107835077459ae8dab465238f7..bfdb6b6af9097f613a2125fd40b851b4497fd5a4 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -703,6 +703,8 @@ then
        [dnl GNUTLS not found
          AC_MSG_ERROR([could not find libgnutls])
        ])
+      AC_CHECK_DECLS([GNUTLS_VERIFY_DISABLE_TIME_CHECKS], [], [],
+                    [[#include <gnutls/x509.h>]])
    fi
  fi
  AM_CONDITIONAL(USE_SSL, test x$need_ssl = xyes)
diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c

index 55755cdfc92f822da6ff1d03bdbf901ea8d369e8..ed3d5dc0b3db395984ae2738401731250a825dc3 100644 (file)
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -275,6 +275,12 @@ static int tls_negotiate (CONNECTION * conn)
                                            SslClientCert, GNUTLS_X509_FMT_PEM);
    }
  
+#if HAVE_DECL_GNUTLS_VERIFY_DISABLE_TIME_CHECKS
+  /* disable checking certificate activation/expiration times
+     in gnutls, we do the checks ourselves */
+  gnutls_certificate_set_verify_flags(data->xcred, GNUTLS_VERIFY_DISABLE_TIME_CHECKS);
+#endif
+
    gnutls_init(&data->state, GNUTLS_CLIENT);
  
    /* set socket */
author	Miroslav Lichvar <mlichvar@redhat.com>
	Sun, 7 Jun 2009 06:14:37 +0000 (08:14 +0200)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Sun, 7 Jun 2009 06:14:37 +0000 (08:14 +0200)
configure.ac		patch \| blob \| history
mutt_ssl_gnutls.c		patch \| blob \| history