[pan2] another gnutls fix for the handling of expired certs

[Heinrich MÃller <henmull src gnome org>]

commit 14d9048700b49176049675a3b0af9c9a4838a665
Author: Heinrich MÃller <henmull src gnome org>
Date:   Wed Apr 4 18:31:17 2012 +0200

    another gnutls fix for the handling of expired certs

 pan/data/cert-store.cc |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)
---
diff --git a/pan/data/cert-store.cc b/pan/data/cert-store.cc
index 9cd07ee..61f38b1 100644
--- a/pan/data/cert-store.cc
+++ b/pan/data/cert-store.cc
@@ -91,19 +91,19 @@ namespace pan
     if (status & GNUTLS_CERT_REVOKED)
     {
       g_warning ("The certificate has been revoked.\n");
-      fail = true;
+      fail = !mydata->always_trust;
     }
 
     if (status & GNUTLS_CERT_EXPIRED)
     {
       g_warning ("The certificate has expired\n");
-      fail = true;
+      fail = !mydata->always_trust;
     }
 
     if (status & GNUTLS_CERT_NOT_ACTIVATED)
     {
       g_warning ("The certificate is not yet activated\n");
-      fail = true;
+      fail = !mydata->always_trust;
     }
 
     /* Up to here the process is the same for X.509 certificates and
@@ -139,9 +139,9 @@ namespace pan
 
     if (!gnutls_x509_crt_check_hostname (cert, mydata->hostname_full.c_str()))
     {
-     if (!mydata->always_trust)
+      if (!mydata->always_trust)
         g_warning ("The certificate's owner does not match hostname '%s' !\n", mydata->hostname_full.c_str());
-     goto _fail;
+      goto _fail;
     }
 
     if (fail) goto _fail;