From: Dylan Frank Date: Thu, 29 Mar 2018 18:11:55 +0000 (-0700) Subject: Ignore expired or invalid client certificates (#1468). X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=3fb20b61b6baf098db8548b11f72aebfde8bfd4e;hp=90ec02cc9836e68628eed021ab0ee351e1e066e2;p=user%2Fhenk%2Fcode%2Finspircd.git Ignore expired or invalid client certificates (#1468). Fixes #1345. --- diff --git a/include/modules/ssl.h b/include/modules/ssl.h index d3372c509..930cb6dc6 100644 --- a/include/modules/ssl.h +++ b/include/modules/ssl.h @@ -112,9 +112,21 @@ class ssl_cert : public refcountbase return revoked; } + /** Get certificate usability + * @return True if the certificate is not expired nor revoked + */ + bool IsUsable() + { + return !invalid && !revoked && error.empty(); + } + + /** Get CA trust status + * @return True if the certificate is issued by a CA + * and valid. + */ bool IsCAVerified() { - return trusted && !invalid && !revoked && !unknownsigner && error.empty(); + return IsUsable() && trusted && !unknownsigner; } std::string GetMetaLine() @@ -183,7 +195,9 @@ class SSLIOHook : public IOHook */ ssl_cert* GetCertificate() const { - return certificate; + if (certificate && certificate->IsUsable()) + return certificate; + return NULL; } /**
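Review bot: The doc comment on `IsUsable()` in the first hunk says "not expired nor revoked", but the body also requires `error.empty()`, and it does not require `trusted` or `!unknownsigner`. A certificate from an unknown signer can therefore still be usable, and the comment should say so to keep callers from treating `IsUsable()` as a trust decision. Suggested wording: `@return True if the certificate is not invalid or revoked and no verification error was recorded; this does not imply CA trust, see IsCAVerified()`. Both `IsUsable()` and `IsCAVerified()` only read members in the visible lines and could be declared `const`.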
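Review bot: In the second hunk `GetCertificate()` now returns NULL both when no certificate was presented and when one was presented but failed `IsUsable()`. Callers going through this getter can no longer tell the two cases apart or read the rejected certificate's `error` text. If a rejected certificate should still be reportable, for example to log why a fingerprint was not honoured, that needs a separate accessor. The doc comment, which starts above the hunk, should at least state the new contract: `@return The peer certificate, or NULL if none was presented or it is not usable (see ssl_cert::IsUsable)`. Any code that reads the `certificate` member directly would bypass the filter; none is visible here, so the rest of the file is worth checking.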