X-Git-Url: https://git.quassel-irc.org/?a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=203c377eb8991489814672d819082bb4c16f5333;hb=bc715c756677bee7cdb7109cc656e3e5f526c988;hp=87ca452240ca84d40c1ef59cea2ab112db03d1a3;hpb=c1572b1c1d6effb21083c6b09f08b30824827a98;p=quassel.git

diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index 87ca4522..203c377e 100644
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -24,6 +24,7 @@
 #  include <QSslSocket>
 #endif
 
+#include <QDateTime>
 #include <QFile>
 
 #include "logger.h"
@@ -123,9 +124,22 @@ bool SslServer::setCertificate(const QString &path)
         quWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data";
         return false;
     }
-    if (!_cert.isValid()) {
-        quWarning() << "SslServer: Invalid certificate (most likely expired)";
-        // We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid.
+
+    // We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid.
+    const QDateTime now = QDateTime::currentDateTime();
+    if (now < _cert.effectiveDate())
+        quWarning() << "SslServer: Certificate won't be valid before" << _cert.effectiveDate().toString();
+
+    else if (now > _cert.expiryDate())
+        quWarning() << "SslServer: Certificate expired on" << _cert.expiryDate().toString();
+
+    else { // Qt4's isValid() checks for time range and blacklist; avoid a double warning, hence the else block
+#if QT_VERSION < 0x050000
+        if (!_cert.isValid())
+#else
+        if (_cert.isBlacklisted())
+#endif
+            quWarning() << "SslServer: Certificate blacklisted";
     }
     if (_key.isNull()) {
         quWarning() << "SslServer:" << qPrintable(path) << "contains no key data";