From 6bfb2936a72512e5f3a63aef72b51e9c91043d2b Mon Sep 17 00:00:00 2001
From: Brendan Cully <brendan@kublai.com>
Date: Tue, 26 Jul 2005 05:28:02 +0000
Subject: [PATCH] Don't offer to save expired or not-yet-valid certificates.
 Closes #1943 as a side-effect.

---
 mutt_ssl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mutt_ssl.c b/mutt_ssl.c
index c06807bd1..bc9a523dc 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -617,7 +617,8 @@ static int ssl_check_certificate (sslsockdata * data)
   snprintf (menu->dialog[row++], SHORT_STRING, _("Fingerprint: %s"), buf);
 
   menu->title = _("SSL Certificate check");
-  if (SslCertFile)
+  if (SslCertFile && X509_cmp_current_time (X509_get_notAfter (data->cert)) >= 0
+      && X509_cmp_current_time (X509_get_notBefore (data->cert)) < 0)
   {
     menu->prompt = _("(r)eject, accept (o)nce, (a)ccept always");
     menu->keys = _("roa");
-- 
2.40.0