openssl: remove manual check for certificate expiration (!193) · Merge requests · GNOME / glib-networking

Michael Catanzaro requested to merge mcatanzaro/openssl-expiration into master Nov 24, 2021

We should rely on OpenSSL to do this for us instead. Doing it here is wrong because we wind up checking certificates that may not actually be used in the final certificate chain constructed by OpenSSL. We don't have any way to know which chain OpenSSL will build from the certificates that we pass to it, so there is no way to safely perform certificate validity checks at the glib-networking level.

Fixes #179 (closed)

Corresponding change for GTlsDatabaseGnutls: a2cc9b8e

Corresponding change for GTlsCertificateGnutls: e1a8d066

Documented by: glib@780af9cf

openssl: remove manual check for certificate expiration

Merge request reports