-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | dtls.c | 2 | ||||
-rw-r--r-- | tlscommon.c | 1 | ||||
-rw-r--r-- | udp.c | 2 |
4 files changed, 4 insertions, 2 deletions
@@ -20,6 +20,7 @@ Changes between 1.6.8 and the master branch
 - Don't use a smaller pthread stack size than what's allowed.
 - Don't follow NULL the pointer at debug level 5 (RADSECPROXY-68).
 - Avoid a deadlock situation with dynamic servers (RADSECPROXY-73).
+ - Completely reload CAs and CRLs with cacheExpiry (RADSECPROXY-50).
 2016-09-21 1.6.8 Bug fixes:
@@ -670,7 +670,7 @@ void addserverextradtls(struct clsrvconf *conf) {
 switch (((struct hostportres *)list_first(conf->hostports)->data)->addrinfo->ai_family) {
 case AF_INET:
 if (client4_sock < 0) {
- client4_sock = bindtoaddr(srcres, AF_INET, 0, 1);
+ client4_sock = bindtoaddr(srcres, AF_INET, 0, 0);
 if (client4_sock < 0)
 debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->name);
 }
diff --git a/tlscommon.c b/tlscommon.c
index f71cc11..842b955 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -153,6 +153,7 @@ static int tlsaddcacrl(SSL_CTX *ctx, struct tls *conf) {
 X509_STORE *x509_s;
 unsigned long error;
+ SSL_CTX_set_cert_store(ctx, X509_STORE_new());
 if (!SSL_CTX_load_verify_locations(ctx, conf->cacertfile, conf->cacertpath)) {
 while ((error = ERR_get_error()))
 debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
@@ -320,7 +320,7 @@ void addserverextraudp(struct clsrvconf *conf) {
 switch (((struct hostportres *)list_first(conf->hostports)->data)->addrinfo->ai_family) {
 case AF_INET:
 if (client4_sock < 0) {
- client4_sock = bindtoaddr(srcres, AF_INET, 0, 1);
+ client4_sock = bindtoaddr(srcres, AF_INET, 0, 0);
 if (client4_sock < 0)
 debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->name);
 } |
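Review bot: The last argument to `bindtoaddr()` in the dtls.c hunk (`addserverextradtls`) changes from `1` to `0` as a bare literal, and neither the hunk nor the ChangeLog entry added in this commit says what that flag controls or why the AF_INET client socket needs it cleared. The udp.c hunk in `addserverextraudp` makes the identical change. Because this decides how the shared outbound client socket is bound, I would put a comment at both call sites, e.g. `/* <flag name from bindtoaddr's prototype>: off for the IPv4 client socket because <reason> */`, or replace the literal with a named constant. Both functions start and end outside their hunks, so any other address-family branch cannot be checked from here.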
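Review bot: The result of `X509_STORE_new()` is passed straight into `SSL_CTX_set_cert_store()` in `tlsaddcacrl` without a NULL check; on allocation failure the context's previous store has already been released, and the `SSL_CTX_load_verify_locations()` call on the next line then runs against a context with no store, which is likely to crash. Allocate into a local first and bail out on failure, e.g. `X509_STORE *fresh = X509_STORE_new();`, `if (!fresh) return <failure value>;`, `SSL_CTX_set_cert_store(ctx, fresh);`. The old trust store is also dropped before the new CA files are known to load, so a bad or missing CA file during a cacheExpiry reload leaves the context with an empty store. That fails closed for verification, but it deserves a comment saying the caller must stop using the context when this function reports an error. The function body continues outside the hunk, so its return convention and CRL handling are not visible here.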