git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Selva Nair <selva.nair@gmail.com>
	Wed, 12 Feb 2020 15:06:06 +0000 (10:06 -0500)
committer	Gert Doering <gert@greenie.muc.de>
	Wed, 15 Apr 2020 19:01:41 +0000 (21:01 +0200)
commit	4658b3b6f6008eea1819ea26a46fd46df87b1030
tree	ae85b7336e7636df7ea1dee2b4f614b0b04cdf20	tree
parent	df5ea7f1b87012414d2625d1562715887ad1686d	commit \| diff

Skip expired certificates in Windows certificate store

Have the cryptoapicert option find the first matching certificate
in store that is valid at the present time. Currently the first
found item, even if expired, is returned.

This makes it possible to update certifiates in store without having
to delete old ones. As a side effect, if only expired certificates are
found, the connection fails.

Also remove some unnecessary casts.

Tested on Windows 10.
Trac #966

v4: Handle the case when an unknown certificate specification is passed
to find_certificate_in_store().

Note: Warnings printed from find_certificate_in_store() could show up
multiple times as its called for each certificate store. This could
be improved in a future patch.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <1581519967-16950-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19404.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 7b63984d51a2582ba2d406e46a7debb11df7f478)