Commit 7a379ad9 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

GnuTLS: do not bother checking certificate dates

Newer GnuTLS versions do it internally and in a more correct fashion.
parent 44db6102
......@@ -3985,7 +3985,7 @@ AS_IF([test "${have_libgcrypt}" != "yes"], [
enable_gnutls="no"
])
AS_IF([test "${enable_gnutls}" != "no"], [
PKG_CHECK_MODULES(GNUTLS, [gnutls >= 2.8.0], [
PKG_CHECK_MODULES(GNUTLS, [gnutls >= 2.6.6], [
VLC_ADD_PLUGIN([gnutls])
], [
AS_IF([test -n "${enable_gnutls}"], [
......
......@@ -27,7 +27,6 @@
#endif
#include <errno.h>
#include <time.h>
#include <sys/types.h>
#include <errno.h>
......@@ -349,21 +348,6 @@ static int gnutls_HandshakeAndValidate (vlc_tls_t *session)
goto error;
}
time_t now;
time (&now);
if (gnutls_x509_crt_get_expiration_time (cert) < now)
{
msg_Err (session, "Certificate expired");
goto error;
}
if (gnutls_x509_crt_get_activation_time (cert) > now)
{
msg_Err( session, "Certificate not yet valid" );
goto error;
}
gnutls_x509_crt_deinit (cert);
msg_Dbg (session, "TLS/x509 certificate verified");
return 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment