summaryrefslogtreecommitdiff
path: root/radsecproxy.c
diff options
context:
space:
mode:
authorvenaas <venaas>2008-07-16 13:32:50 +0000
committervenaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>2008-07-16 13:32:50 +0000
commit4a8f95955fe38a4cf225c29e7d8cc4b52ab40768 (patch)
treedb100767086cb11014b8bb50746d52be7643b33d /radsecproxy.c
parent790b71250008f5050673c39db4d2cb62816a0145 (diff)
trying to enable CRL checking
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@303 e88ac4ed-0b26-0410-9574-a7f39faa03bf
Diffstat (limited to 'radsecproxy.c')
-rw-r--r--radsecproxy.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index 99b9dde..806f844 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2751,6 +2751,7 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha
struct tls *new;
SSL_CTX *ctx;
STACK_OF(X509_NAME) *calist;
+ X509_STORE *x509_s;
int i;
unsigned long error;
@@ -2815,6 +2816,9 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb);
SSL_CTX_set_verify_depth(ctx, MAX_CERT_DEPTH + 1);
+ x509_s = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(x509_s, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
+
new = malloc(sizeof(struct tls));
if (!new || !list_push(tlsconfs, new))
debugx(1, DBG_ERR, "malloc failed");