BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified.

author Emeric Brun <ebrun@exceliance.fr>

Tue, 2 Oct 2012 13:20:55 +0000 (15:20 +0200)

committer Willy Tarreau <w@1wt.eu>

Tue, 2 Oct 2012 14:05:51 +0000 (16:05 +0200)
author Emeric Brun <ebrun@exceliance.fr>
Tue, 2 Oct 2012 13:20:55 +0000 (15:20 +0200)
committer Willy Tarreau <w@1wt.eu>
Tue, 2 Oct 2012 14:05:51 +0000 (16:05 +0200)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c

index 07be3ea..8b62c0a 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -519,6 +519,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
                                       curproxy->id, bind_conf->cafile, bind_conf->arg, bind_conf->file, bind_conf->line);
                                 cfgerr++;
                         }
+                       else {
+                               X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+                       }
                 }
         }
author	Emeric Brun <ebrun@exceliance.fr>
	Tue, 2 Oct 2012 13:20:55 +0000 (15:20 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Tue, 2 Oct 2012 14:05:51 +0000 (16:05 +0200)