证书校验忽略CRL过期的错误。

2018-11-11 17:41:23 +08:00
parent c92c41523c
commit 865a4066fc
1 changed files with 3 additions and 1 deletions
--- a/platform/src/ssl_trusted_cert_storage.cpp
+++ b/platform/src/ssl_trusted_cert_storage.cpp
@@ -288,7 +288,9 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
 	//If a complete chain can be built and validated this function returns 1, otherwise it return zero or negtive code.
 	ret = X509_verify_cert(ctx);
 	err_code=X509_STORE_CTX_get_error(ctx);
-	if(ret!=1 && err_code!=X509_V_ERR_UNABLE_TO_GET_CRL && err_code!=X509_V_ERR_DIFFERENT_CRL_SCOPE)
+	if(ret!=1 && err_code!=X509_V_ERR_UNABLE_TO_GET_CRL 
+			&& err_code!=X509_V_ERR_DIFFERENT_CRL_SCOPE
+			&& err_code!=X509_V_ERR_CRL_HAS_EXPIRED)
 	{
 		subj=ssl_x509_subject(cert);
 		issuer=ssl_x509_issuer(cert);