enum lws_client_connect_ssl_connection_flags {
LCCSCF_USE_SSL = (1 << 0),
LCCSCF_ALLOW_SELFSIGNED = (1 << 1),
- LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK = (1 << 2)
+ LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK = (1 << 2),
+ LCCSCF_ALLOW_EXPIRED = (1 << 3)
};
/** struct lws_client_connect_info - parameters to connect with when using
n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) &&
wsi->use_ssl & LCCSCF_ALLOW_SELFSIGNED) {
lwsl_notice("accepting self-signed certificate\n");
+ } else if ((n == X509_V_ERR_CERT_NOT_YET_VALID ||
+ n == X509_V_ERR_CERT_HAS_EXPIRED) &&
+ wsi->use_ssl & LCCSCF_ALLOW_EXPIRED) {
+ lwsl_notice("accepting expired certificate\n");
} else {
lwsl_err("server's cert didn't look good, X509_V_ERR = %d: %s\n",
n, ERR_error_string(n, sb));