commit 3f083d6126e7d25be57d7403a129c6c0c718422d
parent d1e87c1a548366b7c32357ada70477f6b92ddd4f
Author: Joris Vink <joris@coders.se>
Date: Sat, 19 Jan 2019 11:49:54 +0100
deal with crls being expired / not-yet-valid.
if a crl is expired or not-yet-valid SSL_get_verify_result()
will return these errors too so check for them explicitly
instead of depending on X509_V_OK.
found by @dacechavez
Diffstat:
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/connection.c b/src/connection.c
@@ -306,7 +306,12 @@ kore_connection_handle(struct connection *c)
}
r = SSL_get_verify_result(c->ssl);
- if (r != X509_V_OK) {
+ switch (r) {
+ case X509_V_OK:
+ case X509_V_ERR_CRL_NOT_YET_VALID:
+ case X509_V_ERR_CRL_HAS_EXPIRED:
+ break;
+ default:
kore_debug("SSL_get_verify_result(): %d, %s",
r, ssl_errno_s);
return (KORE_RESULT_ERROR);
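Review bot: The `case X509_V_ERR_CRL_NOT_YET_VALID:` and `case X509_V_ERR_CRL_HAS_EXPIRED:` arms share the `break` with `X509_V_OK`, so a peer certificate is accepted when no currently valid CRL covers it, and nothing is logged; a certificate revoked after the stale CRL was issued would pass. If failing open is the intended availability trade-off, say so in a comment above the two cases and log it before the `break`, e.g. `kore_debug("CRL expired or not yet valid, revocation state unknown: %d", r);`, preferably at a level operators see in production. SSL_get_verify_result() reports a single code, so whether another verification error can be hidden behind one of these two depends on the verify callback, which is not visible in this hunk and should be checked. kore_connection_handle() starts before and continues after the hunk, and the switch is closed outside it.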