ircd::net: Add open() option to allow expired certificates.

2024-11-25 08:12:37 +01:00 · 2018-02-10 18:36:23 -08:00 · 2018-02-10 18:36:23 -08:00 · 0dc8593b9c
commit 0dc8593b9c
parent 9ddf83c73c
2 changed files with 10 additions and 0 deletions
--- a/include/ircd/net/open.h
+++ b/include/ircd/net/open.h
@ -92,6 +92,9 @@ struct ircd::net::open_opts
 	/// Option to toggle whether to allow self-signed certificate authorities
 	/// in the chain. This is what corporate network nanny's may use to spy.
 	bool allow_self_chain { false };
+
+	/// Option to allow expired certificates.
+	bool allow_expired { false };
 };

 /// Constructor intended to provide implicit conversions (no-brackets required)
--- a/ircd/net.cc
+++ b/ircd/net.cc
@ -1884,6 +1884,13 @@ noexcept try

 			reject();
 			break;
+
+		case X509_V_ERR_CERT_HAS_EXPIRED:
+			if(opts.allow_expired)
+				return true;
+
+			reject();
+			break;
 	}

 	const bool verify_common_name