kore

a fork of the worlds most advanced web framework
Log | Files | Refs | README | LICENSE

commit 3f083d6126e7d25be57d7403a129c6c0c718422d
parent d1e87c1a548366b7c32357ada70477f6b92ddd4f
Author: Joris Vink <joris@coders.se>
Date:   Sat, 19 Jan 2019 11:49:54 +0100

deal with crls being expired / not-yet-valid.

if a crl is expired or not-yet-valid SSL_get_verify_result()
will return these errors too so check for them explicitly
instead of depending on X509_V_OK.

found by @dacechavez

Diffstat:
Msrc/connection.c | 7++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/connection.c b/src/connection.c @@ -306,7 +306,12 @@ kore_connection_handle(struct connection *c) } r = SSL_get_verify_result(c->ssl); - if (r != X509_V_OK) { + switch (r) { + case X509_V_OK: + case X509_V_ERR_CRL_NOT_YET_VALID: + case X509_V_ERR_CRL_HAS_EXPIRED: + break; + default: kore_debug("SSL_get_verify_result(): %d, %s", r, ssl_errno_s); return (KORE_RESULT_ERROR);