Imported Upstream version 2.3.10upstream/2.3.10

author: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-01-20 12:01:07 +0100
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-01-20 12:01:07 +0100
commit: 9653b1bffea4e96c1eb7c1814e8bed21fea62321 (patch)
tree: 485f02f91b424955a45c1cc12876c31d3d957f9b /src/openvpn/ssl_backend.h
parent: 41ffafc126abd9af67061f4931b7614f3cb898b0 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h
index 6d47bd0..4b35e51 100644
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -176,6 +176,15 @@ void tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags);
 void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers);
 
 /**
+ * Check our certificate notBefore and notAfter fields, and warn if the cert is
+ * either not yet valid or has expired.  Note that this is a non-fatal error,
+ * since we compare against the system time, which might be incorrect.
+ *
+ * @param ctx		TLS context to get our certificate from.
+ */
+void tls_ctx_check_cert_time (const struct tls_root_ctx *ctx);
+
+/**
  * Load Diffie Hellman Parameters, and load them into the library-specific
  * TLS context.
  *
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-01-20 12:01:07 +0100
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-01-20 12:01:07 +0100
commit	9653b1bffea4e96c1eb7c1814e8bed21fea62321 (patch)
tree	485f02f91b424955a45c1cc12876c31d3d957f9b /src/openvpn/ssl_backend.h
parent	41ffafc126abd9af67061f4931b7614f3cb898b0 (diff)