[vlc-commits] GnuTLS: do not bother checking certificate dates

[Rémi Denis-Courmont]

vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Fri May  4 19:10:01 2012 +0300| [7a379ad9c3add340326d2b8657dca74a40f923d2] | committer: Rémi Denis-Courmont

GnuTLS: do not bother checking certificate dates

Newer GnuTLS versions do it internally and in a more correct fashion.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=7a379ad9c3add340326d2b8657dca74a40f923d2
---

 configure.ac          |    2 +-
 modules/misc/gnutls.c |   16 ----------------
 2 files changed, 1 insertions(+), 17 deletions(-)

diff --git a/configure.ac b/configure.ac
index 1362da3..03a55de 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3985,7 +3985,7 @@ AS_IF([test "${have_libgcrypt}" != "yes"], [
   enable_gnutls="no"
 ])
 AS_IF([test "${enable_gnutls}" != "no"], [
-  PKG_CHECK_MODULES(GNUTLS, [gnutls >= 2.8.0], [
+  PKG_CHECK_MODULES(GNUTLS, [gnutls >= 2.6.6], [
     VLC_ADD_PLUGIN([gnutls])
   ], [
     AS_IF([test -n "${enable_gnutls}"], [
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 14810a5..26a0edd 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -27,7 +27,6 @@
 #endif
 
 #include <errno.h>
-#include <time.h>
 #include <sys/types.h>
 #include <errno.h>
 
@@ -349,21 +348,6 @@ static int gnutls_HandshakeAndValidate (vlc_tls_t *session)
         goto error;
     }
 
-    time_t now;
-    time (&now);
-
-    if (gnutls_x509_crt_get_expiration_time (cert) < now)
-    {
-        msg_Err (session, "Certificate expired");
-        goto error;
-    }
-
-    if (gnutls_x509_crt_get_activation_time (cert) > now)
-    {
-        msg_Err( session, "Certificate not yet valid" );
-        goto error;
-    }
-
     gnutls_x509_crt_deinit (cert);
     msg_Dbg (session, "TLS/x509 certificate verified");
     return 0;