diff options
| author | Dylan Frank <b00mx0r@aureus.pw> | 2018-03-29 11:11:55 -0700 |
|---|---|---|
| committer | Peter Powell <petpow@saberuk.com> | 2018-03-29 19:11:55 +0100 |
| commit | 3fb20b61b6baf098db8548b11f72aebfde8bfd4e (patch) | |
| tree | c82662d1956a87b6544ffac80c11709aa9cfbe24 /include/modules | |
| parent | 90ec02cc9836e68628eed021ab0ee351e1e066e2 (diff) | |
Ignore expired or invalid client certificates (#1468).
Fixes #1345.
Diffstat (limited to 'include/modules')
| -rw-r--r-- | include/modules/ssl.h | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/include/modules/ssl.h b/include/modules/ssl.h index d3372c509..930cb6dc6 100644 --- a/include/modules/ssl.h +++ b/include/modules/ssl.h @@ -112,9 +112,21 @@ class ssl_cert : public refcountbase return revoked; } + /** Get certificate usability + * @return True if the certificate is not expired nor revoked + */ + bool IsUsable() + { + return !invalid && !revoked && error.empty(); + } + + /** Get CA trust status + * @return True if the certificate is issued by a CA + * and valid. + */ bool IsCAVerified() { - return trusted && !invalid && !revoked && !unknownsigner && error.empty(); + return IsUsable() && trusted && !unknownsigner; } std::string GetMetaLine() @@ -183,7 +195,9 @@ class SSLIOHook : public IOHook */ ssl_cert* GetCertificate() const { - return certificate; + if (certificate && certificate->IsUsable()) + return certificate; + return NULL; } /** |