1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-12-22 10:08:15 -05:00

fix expired cert check

This commit is contained in:
Darien Raymond 2018-04-18 11:45:49 +02:00
parent e6446d43c8
commit 10d7ed2e83
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
2 changed files with 37 additions and 1 deletions

View File

@ -3,6 +3,7 @@ package tls
import (
"context"
"crypto/tls"
"crypto/x509"
"time"
"v2ray.com/core/common/net"
@ -41,8 +42,14 @@ func (c *Config) BuildCertificates() []tls.Certificate {
}
func isCertificateExpired(c *tls.Certificate) bool {
if c.Leaf == nil && len(c.Certificate) > 0 {
if pc, err := x509.ParseCertificate(c.Certificate[0]); err == nil {
c.Leaf = pc
}
}
// If leaf is not there, the certificate is probably not used yet. We trust user to provide a valid certificate.
return c.Leaf != nil && c.Leaf.NotAfter.After(time.Now().Add(-time.Minute))
return c.Leaf != nil && c.Leaf.NotAfter.Before(time.Now().Add(-time.Minute))
}
func issueCertificate(rawCA *Certificate, domain string) (*tls.Certificate, error) {

View File

@ -33,3 +33,32 @@ func TestCertificateIssuing(t *testing.T) {
assert(err, IsNil)
assert(x509Cert.NotAfter.After(time.Now()), IsTrue)
}
func TestExpiredCertificate(t *testing.T) {
assert := With(t)
caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.v2ray.com"), cert.DNSNames("www.v2ray.com"))
certificate := ParseCertificate(caCert)
certificate.Usage = Certificate_AUTHORITY_ISSUE
certificate2 := ParseCertificate(expiredCert)
c := &Config{
Certificate: []*Certificate{
certificate,
certificate2,
},
}
tlsConfig := c.GetTLSConfig()
v2rayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
ServerName: "www.v2ray.com",
})
assert(err, IsNil)
x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
assert(err, IsNil)
assert(x509Cert.NotAfter.After(time.Now()), IsTrue)
}