authorDylan Frank <b00mx0r@aureus.pw>2018-03-29 11:11:55 -0700
committerPeter Powell <petpow@saberuk.com>2018-03-29 19:11:55 +0100
commit3fb20b61b6baf098db8548b11f72aebfde8bfd4e (patch)
treec82662d1956a87b6544ffac80c11709aa9cfbe24 /include
parent90ec02cc9836e68628eed021ab0ee351e1e066e2 (diff)
Ignore expired or invalid client certificates (#1468).
Fixes #1345.
Diffstat (limited to 'include')
-rw-r--r--include/modules/ssl.h18
1 files changed, 16 insertions, 2 deletions
diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index d3372c509..930cb6dc6 100644
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -112,9 +112,21 @@ class ssl_cert : public refcountbase
return revoked;
}
+ /** Get certificate usability
+ * @return True if the certificate is not expired nor revoked
+ */
+ bool IsUsable()
+ {
+ return !invalid && !revoked && error.empty();
+ }
+
+ /** Get CA trust status
+ * @return True if the certificate is issued by a CA
+ * and valid.
+ */
bool IsCAVerified()
{
- return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+ return IsUsable() && trusted && !unknownsigner;
}
std::string GetMetaLine()
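Review bot: The doc comment on `IsUsable()` says "not expired nor revoked", but the expression also requires `error.empty()`, and it tests `invalid`, which may cover more than expiry. It also leaves out `trusted` and `unknownsigner`, so an untrusted or self-signed certificate still counts as usable; since `GetCertificate()` in the second hunk now gates on this method, that should be spelled out. I would word it as `@return True if the certificate has no validation error and is neither invalid nor revoked. Does not check the issuer; use IsCAVerified() for a trust decision.` The method only reads members, so declaring it `bool IsUsable() const` would also fit its use from a const accessor. The enclosing class starts and ends outside the hunk.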
@@ -183,7 +195,9 @@ class SSLIOHook : public IOHook
*/
ssl_cert* GetCertificate() const
{
- return certificate;
+ if (certificate && certificate->IsUsable())
+ return certificate;
+ return NULL;
}
/**
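Review bot: `GetCertificate()` now returns `NULL` both when no certificate was presented and when one was presented but rejected, and the doc comment above it (which starts outside the hunk) is not updated to say so. Callers going through this accessor can no longer reach the rejected certificate's error text, which is what an operator would want in a log when a client certificate is refused. I would at least document the contract, e.g. `@return The client certificate, or NULL if none was presented or it is invalid, revoked or failed validation`. Any code that reads the `certificate` member directly instead of calling this accessor would presumably skip the new check; those call sites are not visible in this diff, which is limited to include/.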