| -rw-r--r-- | src/certificate_chain.cc | 11 | ||||
| -rw-r--r-- | test/certificates_test.cc | 10 | ||||
| -rw-r--r-- | wscript | 9 |
3 files changed, 29 insertions, 1 deletions
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 0afc7e62..953ab22e 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -482,7 +482,16 @@ CertificateChain::chain_valid(List const & chain, string* error) const
 throw MiscError ("could not create X509 store context");
 }
- X509_STORE_set_flags (store, 0);
+#ifdef LIBDCP_HAVE_NO_CHECK_TIME
+ X509_STORE_set_flags(store, X509_V_FLAG_NO_CHECK_TIME);
+#else
+ auto param = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM_set_time(param, i->not_before().as_time_t() + 60);
+ X509_STORE_set1_param(store, param);
+ X509_STORE_set_flags(store, X509_V_FLAG_USE_CHECK_TIME);
+ X509_VERIFY_PARAM_free(param);
+#endif
+
 if (!X509_STORE_CTX_init (ctx, store, j->x509(), 0)) {
 X509_STORE_CTX_free (ctx);
 X509_STORE_free (store);
diff --git a/test/certificates_test.cc b/test/certificates_test.cc
index 32b2f95c..68892049 100644
--- a/test/certificates_test.cc
+++ b/test/certificates_test.cc
@@ -302,3 +302,13 @@ BOOST_AUTO_TEST_CASE(certificate_dn_qualifiers)
 }
 }
+
+BOOST_AUTO_TEST_CASE(chain_valid_checks_do_not_check_dates)
+{
+ dcp::CertificateChain chain;
+ chain.add(dcp::Certificate(dcp::file_to_string(private_test / "old-certificates" / "root")));
+ chain.add(dcp::Certificate(dcp::file_to_string(private_test / "old-certificates" / "intermediate")));
+ chain.add(dcp::Certificate(dcp::file_to_string(private_test / "old-certificates" / "leaf")));
+ BOOST_CHECK(chain.chain_valid());
+}
+
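Review bot: The `#else` fallback in `chain_valid` is not equivalent to `X509_V_FLAG_NO_CHECK_TIME`: it pins the verification time to `i->not_before() + 60`, so the certificate being verified (`j`) is still checked against that instant and would be rejected as not yet valid if its own validity starts more than a minute after `i`'s. If `j` is the certificate issued by `i` (the loop is outside the hunk, so this is inferred), a time taken from both, e.g. `X509_VERIFY_PARAM_set_time(param, std::max(i->not_before().as_time_t(), j->not_before().as_time_t()) + 60);`, would keep the two build configurations closer in behaviour. The result of `X509_VERIFY_PARAM_new()` is passed straight to `X509_VERIFY_PARAM_set_time` without a null check and the return of `X509_STORE_set1_param()` is ignored; a failure there should free the store and throw `MiscError` as the store-context case just above does. Because either branch makes `chain_valid()` accept chains outside their validity period, a comment on the function stating that dates are deliberately not enforced would help callers that use it for trust decisions.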
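Review bot: The new case `chain_valid_checks_do_not_check_dates` only shows that an out-of-date chain is accepted; nothing in it shows that an out-of-date chain with a broken signature path is still rejected, which is the property worth pinning when a verification check is relaxed. If no existing test covers it, a companion case that builds a chain from the old root and intermediate plus a leaf issued under a different root and expects `BOOST_CHECK(!chain.chain_valid());` would do so. The test also exercises only whichever branch of `#ifdef LIBDCP_HAVE_NO_CHECK_TIME` was configured, so the fallback path stays untested on builds where the flag is available.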
@@ -133,6 +133,15 @@ def configure(conf):
 conf.check(lib='dl', uselib_store='DL', msg='Checking for library dl')
 conf.check_cfg(package='openssl', args='--cflags --libs', uselib_store='OPENSSL', mandatory=True)
+ conf.check_cxx(fragment="""
+ #include <openssl/x509.h>
+ int main() { X509_STORE* s; X509_STORE_set_flags(s, X509_V_FLAG_NO_CHECK_TIME); }
+ """,
+ msg='Checking for X509_V_FLAG_NO_CHECK_TIME',
+ define_name='LIBDCP_HAVE_NO_CHECK_TIME',
+ use='OPENSSL',
+ mandatory=False)
+
 conf.check_cfg(package='libxml++-' + conf.env.XMLPP_API, args='--cflags --libs', uselib_store='LIBXML++', mandatory=True)
 conf.check_cfg(package='xmlsec1', args='--cflags --libs', uselib_store='XMLSEC1', mandatory=True)
 # Remove erroneous escaping of quotes from xmlsec1 defines |
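Review bot: The probe fragment passes an uninitialised pointer, `X509_STORE* s;`, to `X509_STORE_set_flags`, so a compiler set up to treat warnings as errors could fail the check for a reason unrelated to the flag, and with `mandatory=False` that silently selects the time-pinning `#else` path in certificate_chain.cc. Initialising the pointer, `int main() { X509_STORE* s = 0; X509_STORE_set_flags(s, X509_V_FLAG_NO_CHECK_TIME); return 0; }`, removes that ambiguity. Whether the configured flags include anything like -Werror is not visible in this hunk, and `configure` continues outside it.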
