Make certificate expiry warning time variable (still default 60 days)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Sep 29, 2011 · bd28802 · bd28802
1 parent aafaa23
commit bd28802
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 1 deletion.
diff --git a/library.c b/library.c
@@ -35,6 +35,7 @@ struct openconnect_info *openconnect_vpninfo_new_with_cbdata (char *useragent,
 
 	vpninfo->mtu = 1406;
 	vpninfo->ssl_fd = -1;
+	vpninfo->cert_expire_warning = 60 * 86400;
 	vpninfo->useragent = openconnect_create_useragent (useragent);
 	vpninfo->validate_peer_cert = validate_peer_cert;
 	vpninfo->write_new_config = write_new_config;

diff --git a/main.c b/main.c
@@ -262,6 +262,7 @@ int main(int argc, char **argv)
 	vpninfo->uid_csd_given = 0;
 	vpninfo->validate_peer_cert = validate_peer_cert;
 	vpninfo->cbdata = vpninfo;
+	vpninfo->cert_expire_warning = 60 * 86400;
 
 	if (!uname(&utsbuf))
 		vpninfo->localname = utsbuf.nodename;

diff --git a/openconnect-internal.h b/openconnect-internal.h
@@ -114,6 +114,7 @@ struct openconnect_info {
 	char *hostname;
 	int port;
 	char *urlpath;
+	int cert_expire_warning;
 	const char *cert;
 	const char *sslkey;
 	X509 *cert_x509;

diff --git a/ssl.c b/ssl.c
@@ -831,7 +831,7 @@ static int check_certificate_expiry(struct openconnect_info *vpninfo)
 	} else if (i < 0) {
 		reason = _("Client certificate has expired at");
 	} else {
-		t += 60 * 86400;
+		t += vpninfo->cert_expire_warning;
 		i = X509_cmp_time(notAfter, &t);
 		if (i < 0) {
 			reason = _("Client certificate expires soon at");