From: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>
Date: Sun, 3 Sep 2006 20:25:09 +0000 (+0000)
Subject: Dont report that the key has expired when it hasnt
X-Git-Tag: v2.0.23~7217
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=f0101edab9503cc249c43365c764159d93ba88ee;p=user%2Fhenk%2Fcode%2Finspircd.git

Dont report that the key has expired when it hasnt


git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5127 e03df62e-2008-0410-955e-edbf42e46eb7
---

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 071c1d961..f45334e7e 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -61,6 +61,11 @@ public:
 
 static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx)
 {
+	/* XXX: This will allow self signed certificates.
+	 * In the future if we want an option to not allow this,
+	 * we can just return preverify_ok here, and openssl
+	 * will boot off self-signed and invalid peer certs.
+	 */
 	return 1;
 }
 	
@@ -91,8 +96,6 @@ class ModuleSSLOpenSSL : public Module
 	ModuleSSLOpenSSL(InspIRCd* Me)
 		: Module::Module(Me)
 	{
-		
-
 		culllist = new CullList(ServerInstance);
 		
 		// Not rehashable...because I cba to reduce all the sizes of existing buffers.
@@ -717,16 +720,10 @@ class ModuleSSLOpenSSL : public Module
 			certinfo->data.insert(std::make_pair("fingerprint",irc::hex(md, n)));
 		}
 
-		if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), time(NULL)) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), time(NULL)) == -1))
+		if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), time(NULL)) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), time(NULL)) == 0))
 		{
 			certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate"));
 		}
-
-		/*if (cert->name)
-		{
-			certinfo->data.insert(std::make_pair("dn",cert->name));
-		}*/
-
 	}
 };