0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
{ "hbci v1 fail", hbci_chain, &hbci_chain[2],
0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID},
+ { "hbci v1 ok expired", hbci_chain, &hbci_chain[2],
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
{ "hbci v1 ok", hbci_chain, &hbci_chain[2],
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, 0 },
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ 0 },
{ "rsa-md5 fail", mayfirst_chain, &mayfirst_chain[1],
0, GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID },
{ "rsa-md5 not ok", mayfirst_chain, &mayfirst_chain[1],