ITS#6998 MozNSS: when cert not required, ignore issuer expiration

When server certificate is not required in a TLS session (e.g. TLS_REQCERT is set to 'never'), ignore expired issuer certificate error and do not terminate the connection.
2025-01-06 10:46:21 +08:00 · 2011-07-20 18:55:33 +02:00 · 2011-07-20 18:55:33 +02:00 · e8ac17e17c
commit e8ac17e17c
parent 8eecc9a017
1 changed files with 1 additions and 0 deletions
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@ -671,6 +671,7 @@ tlsm_bad_cert_handler(void *arg, PRFileDesc *ssl)
 	case SEC_ERROR_UNTRUSTED_ISSUER:
 	case SEC_ERROR_UNKNOWN_ISSUER:
 	case SEC_ERROR_EXPIRED_CERTIFICATE:
+	case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
 		if (ctx->tc_verify_cert) {
 			success = SECFailure;
 		}