From 4fa79aa7a6332add75e334178e02737518a0bee7 Mon Sep 17 00:00:00 2001
From: Fabian Mauchle
Date: Fri, 24 Mar 2017 11:05:18 +0100
Subject: create new cert_store before reloading CAs and CRLs

Conflicts: ChangeLog
---
 ChangeLog | 4 ++++
 tlscommon.c | 1 +
 2 files changed, 5 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 4f7e485..8819261 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-10-?? 1.6.9
+ Bug fixes:
+ - Completely reload CAs and CRLs with cacheExpiry (RADSECPROXY-50).
+
 2016-09-21 1.6.8
 Bug fixes:
 - Stop waiting on writable when reading a TCP socket.
diff --git a/tlscommon.c b/tlscommon.c
index 3d27a35..ca0fa83 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -158,6 +158,7 @@ static int tlsaddcacrl(SSL_CTX *ctx, struct tls *conf) {
 X509_STORE *x509_s;
 unsigned long error;
+ SSL_CTX_set_cert_store(ctx, X509_STORE_new());
 if (!SSL_CTX_load_verify_locations(ctx, conf->cacertfile, conf->cacertpath)) {
 while ((error = ERR_get_error()))
 debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
-- 
cgit v1.1
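Review bot: `X509_STORE_new()` can return NULL, and the added line in `tlsaddcacrl` passes its result straight to `SSL_CTX_set_cert_store()`, which releases the previous store, so an allocation failure would leave `ctx` without a store just before `SSL_CTX_load_verify_locations()` uses it. The swap also happens before the load is known to succeed: if the CA file or path cannot be read at reload time, the context keeps an empty trust store, which fails closed but presumably rejects every peer until a later reload succeeds. I would fill a separate store with `X509_STORE_load_locations()` and call `SSL_CTX_set_cert_store(ctx, new_store);` only once the failure branch has been passed, freeing the new store on error. The function's return convention and the end of the `if` branch lie outside the hunk, so the sketch below leaves them as comments.

```c
    unsigned long error;
    X509_STORE *new_store = X509_STORE_new();

    if (!new_store) {
        debug(DBG_ERR, "tlsaddcacrl: X509_STORE_new failed");
        /* … return the function's failure value (not visible in this hunk) … */
    }
    if (!X509_STORE_load_locations(new_store, conf->cacertfile, conf->cacertpath)) {
        X509_STORE_free(new_store);   /* the store already in ctx stays in use */
        while ((error = ERR_get_error()))
            debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
        /* … unchanged: remainder of the failure branch, which ends outside the hunk … */
```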