From 97ebf89b26c777ea6cffd578b6ea5b3a1c9341bf Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Tue, 9 Apr 2013 07:54:25 +0000
Subject: [PATCH] Include expired but whitelisted certificates at a comment
 level rather than suppressing entirely.  This means that it will still be
 visible if there is another error on the certificate, but won't prompt output
 if the certificate is otherwise OK.

---
 build/check_embedded.pl | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/build/check_embedded.pl b/build/check_embedded.pl
index 8a059a8b..e9894558 100755
--- a/build/check_embedded.pl
+++ b/build/check_embedded.pl
@@ -394,12 +394,16 @@ sub comment {
 		#
 		if ($days < -$longExpiredDays) {
 			my $d = floor(-$days);
-			if (!defined($expiry_whitelist{$fingerprint})) {
+			if (defined($expiry_whitelist{$fingerprint})) {
+				comment("EXPIRED LONG AGO ($d days; $notAfter)");
+			} else {
 				error("EXPIRED LONG AGO ($d days; $notAfter)");
 				comment("fingerprint $fingerprint");
 			}
 		} elsif ($days < 0) {
-			if (!defined($expiry_whitelist{$fingerprint})) {
+			if (defined($expiry_whitelist{$fingerprint})) {
+				comment("EXPIRED ($notAfter)");
+			} else {
 				error("EXPIRED ($notAfter)");
 				comment("fingerprint $fingerprint");
 			}