From 3334d3b4a648e9c600f27ec3789dbb8abb199e67 Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Thu, 13 Nov 2025 11:28:02 +0100
Subject: Don't check the certificate not before/after validity in
 chain_valid().

I think this should be checked separately, as out-of-date certificates
are still useful (e.g. if they are related to KDM decryption).
---
 wscript | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'wscript')

diff --git a/wscript b/wscript
index 4734bfab..5d7a5aa8 100644
--- a/wscript
+++ b/wscript
@@ -133,6 +133,15 @@ def configure(conf):
         conf.check(lib='dl', uselib_store='DL', msg='Checking for library dl')
 
     conf.check_cfg(package='openssl', args='--cflags --libs', uselib_store='OPENSSL', mandatory=True)
+    conf.check_cxx(fragment="""
+                   #include <openssl/x509.h>
+                   int main() { X509_STORE* s; X509_STORE_set_flags(s, X509_V_FLAG_NO_CHECK_TIME); }
+                   """,
+                   msg='Checking for X509_V_FLAG_NO_CHECK_TIME',
+                   define_name='LIBDCP_HAVE_NO_CHECK_TIME',
+                   use='OPENSSL',
+                   mandatory=False)
+
     conf.check_cfg(package='libxml++-' + conf.env.XMLPP_API, args='--cflags --libs', uselib_store='LIBXML++', mandatory=True)
     conf.check_cfg(package='xmlsec1', args='--cflags --libs', uselib_store='XMLSEC1', mandatory=True)
     # Remove erroneous escaping of quotes from xmlsec1 defines
-- 
cgit v1.2.3