From d424d2ef710b4f45c06bfad79089bd998d5a35f9 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Sun, 26 Oct 2025 15:12:17 +0000 Subject: Fix allowing expired client certificates in some cases. This fixes a regression from v3. --- include/modules/ssl.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/modules/ssl.h b/include/modules/ssl.h index 4526d7c9f..ff2646e8b 100644 --- a/include/modules/ssl.h +++ b/include/modules/ssl.h @@ -314,7 +314,7 @@ public: return nullptr; auto* cert = ssliohook->GetCertificate(); - if (!cert) + if (!cert || !cert->IsUsable()) return ""; return cert->GetFingerprint(); @@ -355,7 +355,7 @@ public: std::string GetFingerprint(User* user) { ssl_cert* cert = GetCertificate(user); - if (cert) + if (cert && cert->IsUsable()) return cert->GetFingerprint(); return ""; } @@ -368,7 +368,7 @@ public: std::vector GetFingerprints(User* user) { ssl_cert* cert = GetCertificate(user); - if (cert) + if (cert && cert->IsUsable()) return cert->GetFingerprints(); return {}; } -- cgit v1.3.1-10-gc9f91