From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Sun, 7 Jun 2009 06:14:37 +0000 (+0200)
Subject: Disable checking certificate activation/expiration times in gnutls as we do the check... 
X-Git-Tag: neomutt-20160307~599
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dd4821cbc22ca9d6e828b74df935ddaeeb582af8;p=neomutt

Disable checking certificate activation/expiration times in gnutls as we do the checks ourselves.
---

diff --git a/configure.ac b/configure.ac
index 1aace831f..bfdb6b6af 100644
--- a/configure.ac
+++ b/configure.ac
@@ -703,6 +703,8 @@ then
       [dnl GNUTLS not found
         AC_MSG_ERROR([could not find libgnutls])
       ])
+      AC_CHECK_DECLS([GNUTLS_VERIFY_DISABLE_TIME_CHECKS], [], [],
+                    [[#include <gnutls/x509.h>]])
   fi
 fi
 AM_CONDITIONAL(USE_SSL, test x$need_ssl = xyes)
diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c
index 55755cdfc..ed3d5dc0b 100644
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -275,6 +275,12 @@ static int tls_negotiate (CONNECTION * conn)
                                           SslClientCert, GNUTLS_X509_FMT_PEM);
   }
 
+#if HAVE_DECL_GNUTLS_VERIFY_DISABLE_TIME_CHECKS
+  /* disable checking certificate activation/expiration times
+     in gnutls, we do the checks ourselves */
+  gnutls_certificate_set_verify_flags(data->xcred, GNUTLS_VERIFY_DISABLE_TIME_CHECKS);
+#endif
+
   gnutls_init(&data->state, GNUTLS_CLIENT);
 
   /* set socket */