From 561e574e2f6645327b8d535d3f9c6c4029b5a089 Mon Sep 17 00:00:00 2001 From: Emeric Brun Date: Tue, 2 Oct 2012 15:20:55 +0200 Subject: [PATCH] BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified. --- src/ssl_sock.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 07be3eaac..8b62c0ace 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -519,6 +519,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy curproxy->id, bind_conf->cafile, bind_conf->arg, bind_conf->file, bind_conf->line); cfgerr++; } + else { + X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); + } } }