sipsecid: added cert verify option for time only

- related to GH #32
asipto · Oct 18, 2024 · 9fec39c · 9fec39c
1 parent 4992ca0
commit 9fec39c
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/secsipid/secsipid.go b/secsipid/secsipid.go
@@ -112,11 +112,12 @@ type SJWTLibOptions struct {
 }
 
 const (
-	CertVerifyOptTime    = (1 << 0)
-	CertVerifyOptSysCA   = (1 << 1)
-	CertVerifyOptCustCA  = (1 << 2)
-	CertVerifyOptInterCA = (1 << 3)
-	CertVerifyOptCRL     = (1 << 4)
+	CertVerifyOptTime     = (1 << 0)
+	CertVerifyOptSysCA    = (1 << 1)
+	CertVerifyOptCustCA   = (1 << 2)
+	CertVerifyOptInterCA  = (1 << 3)
+	CertVerifyOptCRL      = (1 << 4)
+	CertVerifyOptTimeOnly = (1 << 5)
 )
 
 var globalLibOptions = SJWTLibOptions{
@@ -271,14 +272,18 @@ func SJWTPubKeyVerify(pubKey []byte) (int, error) {
 		return SJWTRetErrCertInvalidFormat, errors.New("failed to parse certificate PEM")
 	}
 
-	if (globalLibOptions.certVerify & CertVerifyOptTime) != 0 {
+	if (globalLibOptions.certVerify & (CertVerifyOptTime | CertVerifyOptTimeOnly)) != 0 {
 		if !time.Now().Before(certVal.NotAfter) {
 			return SJWTRetErrCertExpired, errors.New("certificate expired")
 		} else if !time.Now().After(certVal.NotBefore) {
 			return SJWTRetErrCertBeforeValidity, errors.New("certificate not valid yet")
 		}
 	}
 
+	if (globalLibOptions.certVerify & CertVerifyOptTimeOnly) != 0 {
+		return SJWTRetOK, nil
+	}
+
 	rootCAs = nil
 	interCAs = nil
 	if (globalLibOptions.certVerify & CertVerifyOptSysCA) != 0 {