ACK! WANT! (Tested with an expired certificate and it works, and looking at OpenSSL x509_vfy.c and PolarSSL x509_8h, I'm reasonable confident that it will also for for not-yet-valid certificates and that we call this all correctly)
Your patch has been applied to the master branch (release/2.3 coming when that has migrated to PolarSSL 1.3). commit 091edd8e2996867447eeb665af957547aa8b3107 (master) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Dec 14 21:09:18 2015 +0100 Warn user if their certificate has expired Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1450123758-31641-1-git-send-email-stef...@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/10794 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering