author | Fabian Mauchle <fabian.mauchle@switch.ch> | 2017-03-24 11:05:18 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2017-08-01 17:41:11 +0200 |
commit | 4fa79aa7a6332add75e334178e02737518a0bee7 (patch) | |
tree | 3128bb28cd9d223e47da556a561e84e5cda08cb3 | |
parent | 9a565fe0289c55700677e7a6d8446a1de1e77e9e (diff) |
create new cert_store before reloading CAs and CRLs
Conflicts:
ChangeLog
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | tlscommon.c | 1 |
2 files changed, 5 insertions, 0 deletions
@@ -1,3 +1,7 @@
+2017-10-?? 1.6.9
+ Bug fixes:
+ - Completely reload CAs and CRLs with cacheExpiry (RADSECPROXY-50).
+
 2016-09-21 1.6.8
 Bug fixes:
 - Stop waiting on writable when reading a TCP socket.
diff --git a/tlscommon.c b/tlscommon.c
index 3d27a35..ca0fa83 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -158,6 +158,7 @@ static int tlsaddcacrl(SSL_CTX *ctx, struct tls *conf) {
 X509_STORE *x509_s;
 unsigned long error;
+ SSL_CTX_set_cert_store(ctx, X509_STORE_new());
 if (!SSL_CTX_load_verify_locations(ctx, conf->cacertfile, conf->cacertpath)) {
 while ((error = ERR_get_error()))
 debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
|
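Review bot: The added `SSL_CTX_set_cert_store(ctx, X509_STORE_new());` in tlsaddcacrl passes the result of `X509_STORE_new()` straight through without a NULL check, so an allocation failure would install a NULL store that the following `SSL_CTX_load_verify_locations` call would most likely dereference. I would assign the new store to a local first, e.g. `X509_STORE *fresh = X509_STORE_new();`, and when it is NULL log and fail the same way the load-failure branch does, before calling `SSL_CTX_set_cert_store(ctx, fresh);`. Separately, the old store is released before the reload is known to succeed, so a temporarily unreadable CA file or path leaves the context with an empty trust store. That fails closed, but it presumably rejects every peer until the next successful reload, so a short comment stating this is intended would help. The function body continues past the end of the hunk, so how the caller reacts to a failed reload is not visible here.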