Diffstat (limited to 'src/gmcerts.c')
-rw-r--r-- | src/gmcerts.c | 8 |
1 files changed, 4 insertions, 4 deletions
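--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -380,7 +380,9 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
 if (isExpired_TlsCertificate(cert)) {
 return iFalse;
 }
-if (!verifyDomain_TlsCertificate(cert, domain)) {
+/* We trust CA verification implicitly. */
+const iBool isAuth = verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus;
+if (!isAuth && !verifyDomain_TlsCertificate(cert, domain)) {
 return iFalse;
 }
 /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
@@ -394,9 +396,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
 if (trust) {
 /* We already have it, check if it matches the one we trust for this domain (if it's
 still valid. */
-iTime now;
-initCurrent_Time(&now);
-if (secondsSince_Time(&trust->validUntil, &now) > 0) {
+if (!isAuth && elapsedSeconds_Time(&trust->validUntil) > 0) {
 /* Trusted cert is still valid. */
 const iBool isTrusted = cmp_Block(fingerprint, &trust->fingerprint) == 0;
 unlock_Mutex(d->mtx);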
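Review bot: In the first hunk the hostname check is skipped whenever `verify_TlsCertificate(cert)` reports `authority_TlsCertificateVerifyStatus`, so unless that call also matches the certificate against `domain` (not visible here), a CA-signed certificate issued for a different name would be accepted for this domain. Chain validation and name validation are separate checks; keep `if (!verifyDomain_TlsCertificate(cert, domain)) {` unconditional and use `isAuth` only to relax the fingerprint pin. In the second hunk `!isAuth &&` also bypasses the comparison against the pinned fingerprint, so the two changes together appear to let such a certificate through without either check, which deserves a comment stating that it is intended. The switch from `secondsSince_Time(&trust->validUntil, &now) > 0` to `elapsedSeconds_Time(&trust->validUntil) > 0` may also invert the sign if the new helper returns the time elapsed since its argument; please confirm the condition still means "still valid". checkTrust_GmCerts begins and ends outside both hunks.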