From 4a8f95955fe38a4cf225c29e7d8cc4b52ab40768 Mon Sep 17 00:00:00 2001
From: venaas <venaas>
Date: Wed, 16 Jul 2008 13:32:50 +0000
Subject: trying to enable CRL checking

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@303 e88ac4ed-0b26-0410-9574-a7f39faa03bf
---
 radsecproxy.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/radsecproxy.c b/radsecproxy.c
index 99b9dde..806f844 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2751,6 +2751,7 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha
     struct tls *new;
     SSL_CTX *ctx;
     STACK_OF(X509_NAME) *calist;
+    X509_STORE *x509_s;
     int i;
     unsigned long error;
     
@@ -2815,6 +2816,9 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha
     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb);
     SSL_CTX_set_verify_depth(ctx, MAX_CERT_DEPTH + 1);
 
+    x509_s = SSL_CTX_get_cert_store(ctx);
+    X509_STORE_set_flags(x509_s, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
+
     new = malloc(sizeof(struct tls));
     if (!new || !list_push(tlsconfs, new))
 	debugx(1, DBG_ERR, "malloc failed");
-- 
cgit v1.2.3