review.tizen.org Git - platform/upstream/glib-networking.git/commit

author	Seonah Moon <seonah1.moon@samsung.com>
	Thu, 2 Dec 2021 02:06:41 +0000 (11:06 +0900)
committer	Seonah Moon <seonah1.moon@samsung.com>
	Fri, 3 Dec 2021 00:15:07 +0000 (09:15 +0900)
commit	dfdd5c26595bea830c6dcd55e8f7647bab6841b5
tree	8d7e2cc752bc24e9107c9285fbec484c46a09f2c	tree \| snapshot
parent	65cfbfdf032de7484a55e2a4a837c58c75189b75	commit \| diff

openssl: remove manual check for certificate expiration

We should rely on OpenSSL to do this for us instead. Doing it here is
wrong because we wind up checking certificates that may not actually be
used in the final certificate chain constructed by OpenSSL. We don't
have any way to know which chain OpenSSL will build from the
certificates that we pass to it, so there is no way to safely perform
certificate validity checks at the glib-networking level.

Fixes #179

Corresponding change for GTlsDatabaseGnutls:
https://gitlab.gnome.org/GNOME/glib-networking/-/commit/a2cc9b8e08063745d9ba1091e030fbe43fc5a055

Corresponding change for GTlsCertificateGnutls:
https://gitlab.gnome.org/GNOME/glib-networking/-/commit/e1a8d06648328f3c5cb2de5ca016de8ac3ddc2b2

Documented by:
https://gitlab.gnome.org/GNOME/glib/-/commit/780af9cff3cc636525a973c3f0c0244f2422a39e

Change-Id: I354e8163001cdb4bdd8d06b0d9863debc3a0bf50

tls/openssl/gtlscertificate-openssl.c		diff \| blob \| history
tls/openssl/gtlsfiledatabase-openssl.c		diff \| blob \| history
tls/tests/certificate.c		diff \| blob \| history