authorFabian Mauchle <fabian.mauchle@switch.ch>2017-03-24 11:05:18 +0100
committerLinus Nordberg <linus@nordu.net>2017-08-01 17:41:11 +0200
commit4fa79aa7a6332add75e334178e02737518a0bee7 (patch)
tree3128bb28cd9d223e47da556a561e84e5cda08cb3
parent9a565fe0289c55700677e7a6d8446a1de1e77e9e (diff)
create new cert_store before reloading CAs and CRLs
Conflicts: ChangeLog
-rw-r--r--ChangeLog4
-rw-r--r--tlscommon.c1
2 files changed, 5 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 4f7e485..8819261 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-10-?? 1.6.9
+ Bug fixes:
+ - Completely reload CAs and CRLs with cacheExpiry (RADSECPROXY-50).
+
2016-09-21 1.6.8
Bug fixes:
- Stop waiting on writable when reading a TCP socket.
diff --git a/tlscommon.c b/tlscommon.c
index 3d27a35..ca0fa83 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -158,6 +158,7 @@ static int tlsaddcacrl(SSL_CTX *ctx, struct tls *conf) {
X509_STORE *x509_s;
unsigned long error;
+ SSL_CTX_set_cert_store(ctx, X509_STORE_new());
if (!SSL_CTX_load_verify_locations(ctx, conf->cacertfile, conf->cacertpath)) {
while ((error = ERR_get_error()))
debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
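Review bot: The result of `X509_STORE_new()` is passed unchecked to `SSL_CTX_set_cert_store()` on the added line, so an allocation failure installs a NULL store after the old one has been released, and the `SSL_CTX_load_verify_locations()` call that follows then works on a context with no store. Allocate into the existing local and check it first, e.g. `x509_s = X509_STORE_new();` `if (!x509_s) return 0;` `SSL_CTX_set_cert_store(ctx, x509_s);`, substituting whatever failure value tlsaddcacrl actually returns, since its body continues outside the hunk. The old trust anchors are also discarded before the new ones are loaded, so a failed reload appears to leave the context with an empty store that rejects every peer. That fails closed, but if continuity across a bad reload matters, populate the new store with `X509_STORE_load_locations()` and swap it in only on success.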