If OCSP revocation data are invalid or too old set appropriate verification flags.

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2012-10-13 23:04:36 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2012-10-13 23:07:12 +0200
commit: dd77bd8f7fe31caa8bee4882e88086b2e643201a (patch)
tree: a8480bcccf66c3c7a68fc82b4a21597985502ebb /src
parent: 515a055d1ec7a59e8a6d6de4a349a639e8f11447 (diff)
download: gnutls-dd77bd8f7fe31caa8bee4882e88086b2e643201a.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/common.c b/src/common.c
index 75048c621c..9ef83b6f81 100644
--- a/src/common.c
+++ b/src/common.c
@@ -439,6 +439,10 @@ cert_verify (gnutls_session_t session, const char* hostname)
 
           if (status & GNUTLS_CERT_REVOKED)
               printf ("- Peer's certificate chain revoked\n");
+          if (status & GNUTLS_CERT_REVOCATION_DATA_TOO_OLD)
+              printf ("- The revocation data provided by the peer are too old\n");
+          if (status & GNUTLS_CERT_REVOCATION_DATA_INVALID)
+              printf ("- The revocation data provided by the peer are invalid\n");
           if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
               printf ("- Peer's certificate issuer is unknown\n");
           if (status & GNUTLS_CERT_SIGNER_NOT_CA)
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2012-10-13 23:04:36 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2012-10-13 23:07:12 +0200
commit	dd77bd8f7fe31caa8bee4882e88086b2e643201a (patch)
tree	a8480bcccf66c3c7a68fc82b4a21597985502ebb /src
parent	515a055d1ec7a59e8a6d6de4a349a639e8f11447 (diff)
download	gnutls-dd77bd8f7fe31caa8bee4882e88086b2e643201a.tar.gz