git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Selva Nair <selva.nair@gmail.com>
	Wed, 12 Feb 2020 15:06:06 +0000 (10:06 -0500)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 13 Feb 2020 19:47:54 +0000 (20:47 +0100)
commit	7b63984d51a2582ba2d406e46a7debb11df7f478
tree	98fa5394a37b166101cada8c06d527cce877fb9a	tree
parent	e84f430f8487cf42304fe29fd8746a91309b08d0	commit \| diff

Skip expired certificates in Windows certificate store

Have the cryptoapicert option find the first matching certificate
in store that is valid at the present time. Currently the first
found item, even if expired, is returned.

This makes it possible to update certifiates in store without having
to delete old ones. As a side effect, if only expired certificates are
found, the connection fails.

Also remove some unnecessary casts.

Tested on Windows 10.
Trac #966

v4: Handle the case when an unknown certificate specification is passed
to find_certificate_in_store().

Note: Warnings printed from find_certificate_in_store() could show up
multiple times as its called for each certificate store. This could
be improved in a future patch.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <1581519967-16950-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19404.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>