0, GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID },
{ "verisign.com v1 fail", verisign_com_chain, &verisign_com_chain[3],
0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
+ { "verisign.com v1 fail2", verisign_com_chain, &verisign_com_chain[3],
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
{ "verisign.com v1 ok", verisign_com_chain, &verisign_com_chain[3],
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, 0 },
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ 0 },
{ "citibank.com v1 fail", citibank_com_chain, &citibank_com_chain[2],
0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID },
+ { "expired self signed", pem_self_cert, &pem_self_cert[0],
+ 0, GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID },
{ "self signed", pem_self_cert, &pem_self_cert[0],
GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0 },
{ "ca=false", thea_chain, &thea_chain[1],