Commit bd28802d authored by David Woodhouse's avatar David Woodhouse

Make certificate expiry warning time variable (still default 60 days)

Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent aafaa23f
......@@ -35,6 +35,7 @@ struct openconnect_info *openconnect_vpninfo_new_with_cbdata (char *useragent,
vpninfo->mtu = 1406;
vpninfo->ssl_fd = -1;
vpninfo->cert_expire_warning = 60 * 86400;
vpninfo->useragent = openconnect_create_useragent (useragent);
vpninfo->validate_peer_cert = validate_peer_cert;
vpninfo->write_new_config = write_new_config;
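Review bot: The default warning window is written as the bare literal `60 * 86400` on the added line here and again in the `main()` hunk, so the two initialisers can drift apart if only one is edited. A single named constant used by both, for example `#define DEFAULT_CERT_EXPIRE_WARNING (60 * 86400)` next to the `struct openconnect_info` declaration, would keep the two defaults aligned and make the unit (seconds) explicit. The body of `openconnect_vpninfo_new_with_cbdata` continues outside this hunk.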
......
......@@ -262,6 +262,7 @@ int main(int argc, char **argv)
vpninfo->uid_csd_given = 0;
vpninfo->validate_peer_cert = validate_peer_cert;
vpninfo->cbdata = vpninfo;
vpninfo->cert_expire_warning = 60 * 86400;
if (!uname(&utsbuf))
vpninfo->localname = utsbuf.nodename;
......
......@@ -114,6 +114,7 @@ struct openconnect_info {
char *hostname;
int port;
char *urlpath;
int cert_expire_warning;
const char *cert;
const char *sslkey;
X509 *cert_x509;
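Review bot: The new `cert_expire_warning` member carries no comment giving its unit, and a reader of the struct can only learn it is seconds from the `60 * 86400` initialisers elsewhere in the commit. I would document it on the field, `int cert_expire_warning; /* seconds before notAfter at which the expiry warning starts */`. The struct definition starts and ends outside this hunk, so neighbouring members may follow a comment convention not visible here.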
......
......@@ -831,7 +831,7 @@ static int check_certificate_expiry(struct openconnect_info *vpninfo)
} else if (i < 0) {
reason = _("Client certificate has expired at");
} else {
t += 60 * 86400;
t += vpninfo->cert_expire_warning;
i = X509_cmp_time(notAfter, &t);
if (i < 0) {
reason = _("Client certificate expires soon at");
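Review bot: `t += vpninfo->cert_expire_warning;` adds a caller-settable signed `int` to `t` with no range check. A zero or negative value moves the comparison time to or before "now", so as far as the visible branches show, the "expires soon" warning would never fire and a certificate close to expiry would go unreported. A very large value could overflow `t` if `time_t` is 32-bit on the target, which is inferred because its declaration is outside the hunk. If disabling the warning is intended, make that explicit, e.g. `if (vpninfo->cert_expire_warning > 0) t += vpninfo->cert_expire_warning;`, and reject or clamp out-of-range values where the field is set. `check_certificate_expiry` begins and ends outside this hunk.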
......