2828#include " mbedtls/ctr_drbg.h"
2929#include " mbedtls/error.h"
3030#include " mbedtls/debug.h"
31+ #include " mbedtls/x509.h"
3132
3233#include < stdint.h>
3334#include < string.h>
@@ -290,8 +291,10 @@ int HelloHttpsClient::configureTlsContexts()
290291 */
291292 mbedtls_ssl_conf_authmode (&ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
292293
293- # if HELLO_HTTPS_CLIENT_DEBUG_LEVEL > 0
294+ /* Configure certificate verification function to clear time/date flags */
294295 mbedtls_ssl_conf_verify (&ssl_conf, sslVerify, this );
296+
297+ #if HELLO_HTTPS_CLIENT_DEBUG_LEVEL > 0
295298 mbedtls_ssl_conf_dbg (&ssl_conf, sslDebug, NULL );
296299 mbedtls_debug_set_threshold (HELLO_HTTPS_CLIENT_DEBUG_LEVEL);
297300#endif /* HELLO_HTTPS_CLIENT_DEBUG_LEVEL > 0 */
@@ -358,9 +361,18 @@ void HelloHttpsClient::sslDebug(void *ctx, int level, const char *file,
358361int HelloHttpsClient::sslVerify (void *ctx, mbedtls_x509_crt *crt, int depth,
359362 uint32_t *flags)
360363{
361- HelloHttpsClient *client = static_cast <HelloHttpsClient *>(ctx);
364+ int ret = 0 ;
365+
366+ /*
367+ * If MBEDTLS_HAVE_TIME_DATE is defined, then the certificate date and time
368+ * validity checks will probably fail because this application does not set
369+ * up the clock correctly. We filter out date and time related failures
370+ * instead
371+ */
372+ *flags &= ~MBEDTLS_X509_BADCERT_FUTURE & ~MBEDTLS_X509_BADCERT_EXPIRED;
362373
363- int ret = -1 ;
374+ #if HELLO_HTTPS_CLIENT_DEBUG_LEVEL > 0
375+ HelloHttpsClient *client = static_cast <HelloHttpsClient *>(ctx);
364376
365377 ret = mbedtls_x509_crt_info (client->gp_buf , sizeof (gp_buf), " \r "
366378 if (ret < 0 ) {
@@ -370,6 +382,7 @@ int HelloHttpsClient::sslVerify(void *ctx, mbedtls_x509_crt *crt, int depth,
370382 mbedtls_printf (" Verifying certificate at depth %d:\n %s\n "
371383 depth, client->gp_buf );
372384 }
385+ #endif /* HELLO_HTTPS_CLIENT_DEBUG_LEVEL > 0 */
373386
374387 return ret;
375388}
0 commit comments