From: Kevin McCarthy Date: Wed, 10 Oct 2018 19:50:15 +0000 (-0700) Subject: Add a comment about gnutls date bits in certstat. X-Git-Tag: mutt-1-11-rel~38 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=14b0178d6115f8201b63a0c6f03eaf7bf57c2f31;p=mutt Add a comment about gnutls date bits in certstat. It's easy to miss the call disabling date checking and wonder why the certstat bits are not set. --- diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c index 039ae296..bc9460d9 100644 --- a/mutt_ssl_gnutls.c +++ b/mutt_ssl_gnutls.c @@ -707,6 +707,10 @@ static int tls_check_preauth (const gnutls_datum_t *certdata, return -1; } + /* Note: tls_negotiate() contains a call to + * gnutls_certificate_set_verify_flags() with a flag disabling + * GnuTLS checking of the dates. So certstat shouldn't have the + * GNUTLS_CERT_EXPIRED and GNUTLS_CERT_NOT_ACTIVATED bits set. */ if (option (OPTSSLVERIFYDATES) != MUTT_NO) { if (gnutls_x509_crt_get_expiration_time (cert) < time(NULL))
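Review bot: The new comment in tls_check_preauth() mentions "a flag disabling GnuTLS checking of the dates" without naming it; spelling out the flag name would let a reader grep straight from here to the gnutls_certificate_set_verify_flags() call in tls_negotiate(). Since the comment establishes that certstat will not carry GNUTLS_CERT_EXPIRED or GNUTLS_CERT_NOT_ACTIVATED, it would also be worth one more sentence saying that the explicit checks under OPTSSLVERIFYDATES just below are therefore what enforce certificate dates, so the consequence of setting that option to MUTT_NO is clear at the point where the reader meets it.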