wrong time?

[Jouni Malinen]

On Thu, May 15, 2008 at 12:57:26PM -0600, Jeff Sadowski wrote:
> Oooh I'm looking at the source now and I would like to add to the
> struct x509_certificate {
> under
> enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
> 
> maybe "Ignore = -1"
> I think that would be the easiest way to add it.

If you have a use case where it would be desirable to be able to disable
just the validBefore/After validation, yes, you could do that. If it is
fine to just disable certificate chain validation completely when
ca_cert is not set, changing tls_process_certificate() would be simpler
(just add 'conn->cred->trusted_certs &&' before call to
x509_certificate_chain_validate).

-- 
Jouni Malinen                                            PGP id EFC895FA