From: Kevin McCarthy Date: Wed, 10 Oct 2018 19:50:15 +0000 (-0700) Subject: Add a comment about gnutls date bits in certstat. X-Git-Tag: 2019-10-25~614^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=29b33428c70221bdc55b93dff624c93948c716f0;p=neomutt Add a comment about gnutls date bits in certstat. It's easy to miss the call disabling date checking and wonder why the certstat bits are not set. --- diff --git a/conn/ssl_gnutls.c b/conn/ssl_gnutls.c index f941c5a57..987dcfdba 100644 --- a/conn/ssl_gnutls.c +++ b/conn/ssl_gnutls.c @@ -347,6 +347,10 @@ static int tls_check_preauth(const gnutls_datum_t *certdata, return -1; } + /* Note: tls_negotiate() contains a call to + * gnutls_certificate_set_verify_flags() with a flag disabling + * GnuTLS checking of the dates. So certstat shouldn't have the + * GNUTLS_CERT_EXPIRED and GNUTLS_CERT_NOT_ACTIVATED bits set. */ if (SslVerifyDates != MUTT_NO) { if (gnutls_x509_crt_get_expiration_time(cert) < time(NULL))
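Review bot: the new comment above `if (SslVerifyDates != MUTT_NO)` refers to "a flag disabling GnuTLS checking of the dates" without naming it, so a reader still has to open tls_negotiate() to find out which one. Name the flag in the comment so it can be grepped. The comment could also state what this means for the block it introduces: because certstat is not expected to carry GNUTLS_CERT_EXPIRED or GNUTLS_CERT_NOT_ACTIVATED, the explicit time comparisons that follow are the date validation in this function, and they run only when SslVerifyDates is not MUTT_NO. Finally, "shouldn't" is hedged. If this is meant as an invariant, say "will not" and note that the comment depends on the verify flags set in tls_negotiate(), so the two are kept in sync.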