Make certificate expiry warning time variable (still default 60 days)
authorDavid Woodhouse <David.Woodhouse@intel.com>
Thu, 29 Sep 2011 15:18:01 +0000 (16:18 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Thu, 29 Sep 2011 15:18:24 +0000 (16:18 +0100)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
library.c
main.c
openconnect-internal.h
ssl.c

index 0a1b76a..ec8880e 100644 (file)
--- a/library.c
+++ b/library.c
@@ -35,6 +35,7 @@ struct openconnect_info *openconnect_vpninfo_new_with_cbdata (char *useragent,
 
        vpninfo->mtu = 1406;
        vpninfo->ssl_fd = -1;
+       vpninfo->cert_expire_warning = 60 * 86400;
        vpninfo->useragent = openconnect_create_useragent (useragent);
        vpninfo->validate_peer_cert = validate_peer_cert;
        vpninfo->write_new_config = write_new_config;
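Review bot: The default `60 * 86400` is now spelled out twice, here in openconnect_vpninfo_new_with_cbdata() and again in the main.c hunk inside main(), so the library and command-line defaults can drift apart if only one is edited later. A single named constant in openconnect-internal.h would keep them in step, for example `#define DEFAULT_CERT_EXPIRE_WARNING (60 * 86400) /* seconds */` (name is only a suggestion), assigned at both sites. Both functions start and end outside their hunks.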
diff --git a/main.c b/main.c
index 21d9ffc..4c89f00 100644 (file)
--- a/main.c
+++ b/main.c
@@ -262,6 +262,7 @@ int main(int argc, char **argv)
        vpninfo->uid_csd_given = 0;
        vpninfo->validate_peer_cert = validate_peer_cert;
        vpninfo->cbdata = vpninfo;
+       vpninfo->cert_expire_warning = 60 * 86400;
 
        if (!uname(&utsbuf))
                vpninfo->localname = utsbuf.nodename;
index e7f1dfb..baa69a9 100644 (file)
@@ -114,6 +114,7 @@ struct openconnect_info {
        char *hostname;
        int port;
        char *urlpath;
+       int cert_expire_warning;
        const char *cert;
        const char *sslkey;
        X509 *cert_x509;
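Review bot: The new field `int cert_expire_warning;` carries no comment stating its unit, and the name does not say whether it counts days or seconds. The other hunks assign `60 * 86400` to it and add it to a time value, so it is in seconds; a caller who stores a day count would get a warning window of about a minute. I would document it in place, e.g. `int cert_expire_warning; /* seconds before notAfter at which to start warning */`. The struct definition continues outside the hunk.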
diff --git a/ssl.c b/ssl.c
index 9da68ab..2af0672 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -831,7 +831,7 @@ static int check_certificate_expiry(struct openconnect_info *vpninfo)
        } else if (i < 0) {
                reason = _("Client certificate has expired at");
        } else {
-               t += 60 * 86400;
+               t += vpninfo->cert_expire_warning;
                i = X509_cmp_time(notAfter, &t);
                if (i < 0) {
                        reason = _("Client certificate expires soon at");
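Review bot: `t += vpninfo->cert_expire_warning;` uses the field without any range check, so a zero or negative value would silently switch off the "expires soon" warning and users would first hear about the certificate when it has already expired. Nothing in this diff sets the field from user input yet, but since the commit makes the period configurable, whichever code ends up setting it should reject non-positive values, and should check for `int` overflow if it multiplies a day count by 86400. A local guard such as `if (vpninfo->cert_expire_warning > 0) t += vpninfo->cert_expire_warning;` at least keeps the comparison time from moving backwards. The body of check_certificate_expiry() starts and ends outside the hunk, and the type of `t` is not visible here.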