trying to enable CRL checking

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/branches/release-1.1@303 e88ac4ed-0b26-0410-9574-a7f39faa03bf
author: venaas <venaas> 2008-07-16 13:32:50 +0000
committer: venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf> 2008-07-16 13:32:50 +0000
commit: 6ce92810067754e9ce1587070acd3d2e27b8ee1d (patch)
tree: 81da77b4b91bf07b8ba10b075e1be1a3c8d8ae01
parent: a38bb790a5d70b61064e9335d6cb6b377d9a32ff (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index b671cb7..b57a987 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2536,6 +2536,7 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha
     struct tls *new;
     SSL_CTX *ctx;
     STACK_OF(X509_NAME) *calist;
+    X509_STORE *x509_s;
     int i;
     unsigned long error;
     
@@ -2600,6 +2601,9 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha
     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb);
     SSL_CTX_set_verify_depth(ctx, MAX_CERT_DEPTH + 1);
 
+    x509_s = SSL_CTX_get_cert_store(ctx);
+    X509_STORE_set_flags(x509_s, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
+    
     new = malloc(sizeof(struct tls));
     if (!new || !list_push(tlsconfs, new))
 	debugx(1, DBG_ERR, "malloc failed");
author	venaas <venaas>	2008-07-16 13:32:50 +0000
committer	venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>	2008-07-16 13:32:50 +0000
commit	6ce92810067754e9ce1587070acd3d2e27b8ee1d (patch)
tree	81da77b4b91bf07b8ba10b075e1be1a3c8d8ae01
parent	a38bb790a5d70b61064e9335d6cb6b377d9a32ff (diff)