return -1;
}
/* Definitely an invalid certificate, abort. */
- if (status & GNUTLS_CERT_EXPIRED
- || status & GNUTLS_CERT_REVOKED
+ if (status & GNUTLS_CERT_REVOKED
+ || status & GNUTLS_CERT_INSECURE_ALGORITHM
|| status & GNUTLS_CERT_NOT_ACTIVATED
- || status & GNUTLS_CERT_INSECURE_ALGORITHM) {
+ || status & GNUTLS_CERT_EXPIRED
+ ) {
LOG(WARNING, "verify_tls_connection(): invalid server certificate");
return -1;
}