Hi, On Wed, Dec 23, 2015 at 4:11 PM, Jan Just Keijser <janj...@nikhef.nl> wrote: > Steffan Karger wrote: >> >> [...] >> Just use mbedtls ;-) >> >> OpenSSL 1.0.2 has been released almost a year ago, so upcoming distro >> releases will probably contain 1.0.2+ (e.g. Ubuntu 15.10 already has >> it, 16.04 LTS will have it too). Should not take too long, right? >> >> As you've probably noticed in the other thread, I don't particularly >> like the idea of adding that extra code. But I won't actively oppose >> such a patch either. > > I justed wanted to get back to this one one more time: attached is a patch > to ssl_openssl.c that works in combination with Steffan's patch to check for > expired certificates. This new patch-patch works on my CentOS 6 (openssl > 1.0.1e) box :) This patch was done against the v2.3.9 code base and I have > no clue how to get it into proper git formatting ;)
This looks very promising! Thanks. Do you have any clue if this will work on pre-1.0.1 too? (If not, I can test, but if you do, I can save myself the trouble.) -Steffan
