review.tizen.org Git - platform/upstream/glib-networking.git/commit

author	Seonah Moon <seonah1.moon@samsung.com>
	Thu, 2 Dec 2021 02:06:41 +0000 (11:06 +0900)
committer	Seonah Moon <seonah1.moon@samsung.com>
	Thu, 2 Dec 2021 02:06:44 +0000 (11:06 +0900)
commit	41baa68db75ba7721491c1ab588be530e2f98db3
tree	8d7e2cc752bc24e9107c9285fbec484c46a09f2c	tree \| snapshot
parent	7ec0c71752971234fd9cff111e632ec308a7b2ae	commit \| diff

openssl: remove manual check for certificate expiration

We should rely on OpenSSL to do this for us instead. Doing it here is
wrong because we wind up checking certificates that may not actually be
used in the final certificate chain constructed by OpenSSL. We don't
have any way to know which chain OpenSSL will build from the
certificates that we pass to it, so there is no way to safely perform
certificate validity checks at the glib-networking level.

Fixes #179

Corresponding change for GTlsDatabaseGnutls:
https://gitlab.gnome.org/GNOME/glib-networking/-/commit/a2cc9b8e08063745d9ba1091e030fbe43fc5a055

Corresponding change for GTlsCertificateGnutls:
https://gitlab.gnome.org/GNOME/glib-networking/-/commit/e1a8d06648328f3c5cb2de5ca016de8ac3ddc2b2

Documented by:
https://gitlab.gnome.org/GNOME/glib/-/commit/780af9cff3cc636525a973c3f0c0244f2422a39e

Change-Id: I354e8163001cdb4bdd8d06b0d9863debc3a0bf50

tls/openssl/gtlscertificate-openssl.c		diff \| blob \| history
tls/openssl/gtlsfiledatabase-openssl.c		diff \| blob \| history
tls/tests/certificate.c		diff \| blob \| history