380
380
infof(data, "\t common name: %s (matched)\n", certbuf);
382
/* Check for time-based validity */
383
clock = gnutls_x509_crt_get_expiration_time(x509_cert);
385
if(clock == (time_t)-1) {
386
failf(data, "server cert expiration date verify failed");
387
return CURLE_SSL_CONNECT_ERROR;
390
if(clock < time(NULL)) {
391
if (data->set.ssl.verifypeer) {
392
failf(data, "server certificate expiration date has passed.");
393
return CURLE_SSL_PEER_CERTIFICATE;
396
infof(data, "\t server certificate expiration date FAILED\n");
399
infof(data, "\t server certificate expiration date OK\n");
401
clock = gnutls_x509_crt_get_activation_time(x509_cert);
403
if(clock == (time_t)-1) {
404
failf(data, "server cert activation date verify failed");
405
return CURLE_SSL_CONNECT_ERROR;
408
if(clock > time(NULL)) {
409
if (data->set.ssl.verifypeer) {
410
failf(data, "server certificate not activated yet.");
411
return CURLE_SSL_PEER_CERTIFICATE;
414
infof(data, "\t server certificate activation date FAILED\n");
417
infof(data, "\t server certificate activation date OK\n");