Don't check the certificate not before/after validity in chain_valid().v1.10.40

I think this should be checked separately, as out-of-date certificates are still useful (e.g. if they are related to KDM decryption).
author: Carl Hetherington <cth@carlh.net> 2025-11-13 11:28:02 +0100
committer: Carl Hetherington <cth@carlh.net> 2025-11-13 12:30:52 +0100
commit: 3334d3b4a648e9c600f27ec3789dbb8abb199e67 (patch)
tree: d25d59e919b261a799a315b8c78ae35d9861ecc4 /test
parent: a1d0ec67f0ab65b61140d28cfb726812c1604cdc (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/test/certificates_test.cc b/test/certificates_test.cc
index 32b2f95c..68892049 100644
--- a/test/certificates_test.cc
+++ b/test/certificates_test.cc
@@ -302,3 +302,13 @@ BOOST_AUTO_TEST_CASE(certificate_dn_qualifiers)
 	}
 }
 
+
+BOOST_AUTO_TEST_CASE(chain_valid_checks_do_not_check_dates)
+{
+	dcp::CertificateChain chain;
+	chain.add(dcp::Certificate(dcp::file_to_string(private_test / "old-certificates" / "root")));
+	chain.add(dcp::Certificate(dcp::file_to_string(private_test / "old-certificates" / "intermediate")));
+	chain.add(dcp::Certificate(dcp::file_to_string(private_test / "old-certificates" / "leaf")));
+	BOOST_CHECK(chain.chain_valid());
+}
+
author	Carl Hetherington <cth@carlh.net>	2025-11-13 11:28:02 +0100
committer	Carl Hetherington <cth@carlh.net>	2025-11-13 12:30:52 +0100
commit	3334d3b4a648e9c600f27ec3789dbb8abb199e67 (patch)
tree	d25d59e919b261a799a315b8c78ae35d9861ecc4 /test
parent	a1d0ec67f0ab65b61140d28cfb726812c1604cdc (diff)