summaryrefslogtreecommitdiff
path: root/src/openvpn/ssl_backend.h
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-01-20 12:01:07 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-01-20 12:01:07 +0100
commit19eab1fe2df20e38ea64d7a642d3e21c957082b8 (patch)
treefad602b603321d3e0e45807f8abb4f6c670a6cf2 /src/openvpn/ssl_backend.h
parent35807e5652390e8b2fd66b9051f3b41c9488302e (diff)
parent9653b1bffea4e96c1eb7c1814e8bed21fea62321 (diff)
Merge tag 'upstream/2.3.10'
Upstream version 2.3.10
Diffstat (limited to 'src/openvpn/ssl_backend.h')
-rw-r--r--src/openvpn/ssl_backend.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h
index 6d47bd0..4b35e51 100644
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -176,6 +176,15 @@ void tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags);
void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers);
/**
+ * Check our certificate notBefore and notAfter fields, and warn if the cert is
+ * either not yet valid or has expired. Note that this is a non-fatal error,
+ * since we compare against the system time, which might be incorrect.
+ *
+ * @param ctx TLS context to get our certificate from.
+ */
+void tls_ctx_check_cert_time (const struct tls_root_ctx *ctx);
+
+/**
* Load Diffie Hellman Parameters, and load them into the library-specific
* TLS context.
*