warn if loaded local certificate is invalid
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 1 Feb 2010 11:29:32 +0000 (12:29 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 1 Feb 2010 11:29:32 +0000 (12:29 +0100)
src/pluto/connections.c

index a24f29dd6d8bbda26898589e2307dfc8639bde77..fece34eec4a002a89873b17a66d14171c7cefb61 100644 (file)
@@ -765,7 +765,7 @@ static void unshare_connection_strings(connection_t *c)
 
 static void load_end_certificate(char *filename, struct end *dst)
 {
-       time_t valid_until;
+       time_t notBefore, notAfter;
        cert_t *cert = NULL;
        certificate_t *certificate;
        bool cached_cert = FALSE;
@@ -810,15 +810,17 @@ static void load_end_certificate(char *filename, struct end *dst)
                }
                else
                {
-                       if (!certificate->get_validity(certificate, NULL, NULL, &valid_until))
+                       if (!certificate->get_validity(certificate, NULL, &notBefore, &notAfter))
                        {
+                               plog("certificate is invalid (valid from %T to %T)",
+                                        &notBefore, FALSE, &notAfter, FALSE);
                                cert_free(cert);
                                return;
                        }
                        DBG(DBG_CONTROL,
                                DBG_log("certificate is valid")
                        )
-                       add_public_key_from_cert(cert, valid_until, DAL_LOCAL);
+                       add_public_key_from_cert(cert, notAfter, DAL_LOCAL);
                        dst->cert = cert_add(cert);
                }
                certificate = dst->cert->cert;
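Review bot: The new `plog` in the `get_validity` failure branch does not say which certificate was rejected, so with several connections configured the warning cannot be tied to a file from the message alone. `filename` is a parameter of `load_end_certificate` (visible in the hunk header), so the call could read `plog("certificate '%s' is invalid (valid from %T to %T)", filename, &notBefore, FALSE, &notAfter, FALSE);`, assuming `filename` is non-NULL here and that no earlier line outside the hunk already logs it. The message also leaves the reader to work out whether the certificate is not yet valid or expired, and the `FALSE` arguments appear to select local time rather than UTC, which is worth a short comment for anyone correlating logs across hosts. The function body starts and ends outside this hunk, so the cached-certificate path was not reviewed.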