Ignore expired or invalid client certificates (#1468).
authorDylan Frank <b00mx0r@aureus.pw>
Thu, 29 Mar 2018 18:11:55 +0000 (11:11 -0700)
committerPeter Powell <petpow@saberuk.com>
Thu, 29 Mar 2018 18:11:55 +0000 (19:11 +0100)
Fixes #1345.

include/modules/ssl.h

index d3372c5094f79b2b2563dd9fe0654c0d909bc1d9..930cb6dc605a73373bc2ea52561e5a953671c4f3 100644 (file)
@@ -112,9 +112,21 @@ class ssl_cert : public refcountbase
                return revoked;
        }
 
+       /** Get certificate usability
+       * @return True if the certificate is not expired nor revoked
+       */
+       bool IsUsable()
+       {
+               return !invalid && !revoked && error.empty();
+       }
+
+       /** Get CA trust status
+       * @return True if the certificate is issued by a CA
+       * and valid.
+       */
        bool IsCAVerified()
        {
-               return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+               return IsUsable() && trusted && !unknownsigner;
        }
 
        std::string GetMetaLine()
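Review bot: The doc comment on `IsUsable()` promises only "not expired nor revoked", but the body also rejects any certificate with `invalid` set or a non-empty `error`, and whatever sets those fields lives in the TLS backend modules, not in this hunk. If a backend raises `invalid` for an untrusted or self-signed chain as well as for expiry, this gate would also hide certificates that fingerprint-based authentication depends on, so that is worth confirming per backend. I would reword the comment to `@return True if the certificate is not marked invalid or revoked and no verification error was recorded`, and declare the accessor as `bool IsUsable() const` since it only reads members. The ssl_cert class body starts and ends outside the hunk.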
@@ -183,7 +195,9 @@ class SSLIOHook : public IOHook
         */
        ssl_cert* GetCertificate() const
        {
-               return certificate;
+               if (certificate && certificate->IsUsable())
+                       return certificate;
+               return NULL;
        }
 
        /**
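Review bot: `GetCertificate()` now returns NULL both when the peer sent no certificate and when it sent one that failed `IsUsable()`, so callers can no longer tell the two cases apart or read the rejected certificate's error text. The doc comment above the function begins outside the hunk and should state the new contract, e.g. `@return The certificate, or NULL if none was presented or it is not usable`. The call sites are not visible here; any that log or audit failed client-certificate logins would need the rejection reason recorded before this point, otherwise an expired or revoked certificate is indistinguishable from no certificate at all.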