]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 091edd8) | patch
Disable certificate notBefore/notAfter sanity check on OpenSSL < 1.0.2
authorSteffan Karger <steffan@karger.me>
Mon, 14 Dec 2015 22:14:45 +0000 (23:14 +0100)
committerGert Doering <gert@greenie.muc.de>
Tue, 15 Dec 2015 07:48:21 +0000 (08:48 +0100)
commit644f2cdd13f49cd374aebc1fc506474104aac372
treeb46aac0a4350e8e5aa37fb0b1da01236d760b906tree
parent091edd8e2996867447eeb665af957547aa8b3107commit | diff
Disable certificate notBefore/notAfter sanity check on OpenSSL < 1.0.2

The SSL_CTX_get0_certificate() function I used in 091edd8e is available in
OpenSSL 1.0.2+ only.  Older versions seem to not have a useful alternative.
The remaining option would then be to create a cache for our parsed
certificate, but that would mean adding more struct members and code for
the select group of people that do use an up-to-date openvpn, but do not
update their openssl.  I don't think that's worth it.  So just disable the
code for older openssl versions.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1450131285-30182-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10802
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl_openssl.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git