+
+optional<Config::BadReason>
+Config::check_certificates () const
+{
+ optional<BadReason> bad;
+
+ for (auto const& i: _signer_chain->unordered()) {
+ if (i.has_utf8_strings()) {
+ bad = BAD_SIGNER_UTF8_STRINGS;
+ }
+ if ((i.not_after().year() - i.not_before().year()) > 15) {
+ bad = BAD_SIGNER_VALIDITY_TOO_LONG;
+ }
+ }
+
+ if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) {
+ bad = BAD_SIGNER_INCONSISTENT;
+ }
+
+ if (!_decryption_chain->chain_valid() || !_decryption_chain->private_key_valid()) {
+ bad = BAD_DECRYPTION_INCONSISTENT;
+ }
+
+ return bad;
+}
+