mirror of git://git.psyced.org/git/psyclpc
tls crl patch from fippo
parent
f90051b4d6
commit
417f1703c6
|
@ -411,6 +411,76 @@ tls_global_init (void)
|
||||||
goto ssl_init_err;
|
goto ssl_init_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (tls_crlfile != NULL || tls_crldirectory != NULL)
|
||||||
|
{
|
||||||
|
X509_STORE *store = X509_STORE_new();
|
||||||
|
if (store != NULL)
|
||||||
|
{
|
||||||
|
if (tls_crlfile != NULL)
|
||||||
|
{
|
||||||
|
X509_LOOKUP *lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
|
||||||
|
if (lookup != NULL)
|
||||||
|
X509_LOOKUP_load_file(lookup, tls_crlfile, X509_FILETYPE_PEM);
|
||||||
|
}
|
||||||
|
if (tls_crldirectory != NULL)
|
||||||
|
{
|
||||||
|
X509_LOOKUP *lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
|
||||||
|
if (lookup != NULL)
|
||||||
|
X509_LOOKUP_add_dir(lookup, tls_crldirectory, X509_FILETYPE_PEM);
|
||||||
|
}
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||||
|
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
|
||||||
|
SSL_CTX_set_cert_store(context, store);
|
||||||
|
if (tls_crlfile != NULL && tls_crldirectory != NULL)
|
||||||
|
{
|
||||||
|
printf("%s TLS: (OpenSSL) CRLs from '%s' and '%s'.\n"
|
||||||
|
, time_stamp(), tls_crlfile, tls_crldirectory);
|
||||||
|
debug_message("%s TLS: (OpenSSL) CRLs from '%s' and '%s'.\n"
|
||||||
|
, time_stamp(), tls_crlfile, tls_crldirectory);
|
||||||
|
}
|
||||||
|
else if (tls_crlfile != NULL)
|
||||||
|
{
|
||||||
|
printf("%s TLS: (OpenSSL) CRLs from '%s'.\n"
|
||||||
|
, time_stamp(), tls_crlfile);
|
||||||
|
debug_message("%s TLS: (OpenSSL) CRLs from '%s'.\n"
|
||||||
|
, time_stamp(), tls_crlfile);
|
||||||
|
}
|
||||||
|
else if (tls_crldirectory != NULL)
|
||||||
|
{
|
||||||
|
printf("%s TLS: (OpenSSL) CRLs from '%s'.\n"
|
||||||
|
, time_stamp(), tls_crldirectory);
|
||||||
|
debug_message("%s TLS: (OpenSSL) CRLs from '%s'.\n"
|
||||||
|
, time_stamp(), tls_crldirectory);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
printf("%s TLS: (OpenSSL) CRL checking disabled.\n"
|
||||||
|
, time_stamp());
|
||||||
|
debug_message("%s TLS: (OpenSSL) CRL checking disabled.\n"
|
||||||
|
, time_stamp());
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
printf("%s TLS: Warning: Your OpenSSL version does not support "
|
||||||
|
"Certificate revocation list checking\n"
|
||||||
|
, time_stamp());
|
||||||
|
debug_message("%s TLS: Warning: Your OpenSSL version does not "
|
||||||
|
"support Certificate revocation list checking\n"
|
||||||
|
, time_stamp());
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
printf("%s TLS: Warning: There was a problem getting the "
|
||||||
|
"storage context from OpenSSL. Certificate revocation "
|
||||||
|
"list checking is not enabled.\n"
|
||||||
|
, time_stamp());
|
||||||
|
debug_message("%s TLS: Warning: There was a problem getting the "
|
||||||
|
"storage context from OpenSSL. Certificate revocation "
|
||||||
|
"list checking is not enabled.\n"
|
||||||
|
, time_stamp());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (!SSL_CTX_load_verify_locations(context, trustfile, trustdirectory))
|
if (!SSL_CTX_load_verify_locations(context, trustfile, trustdirectory))
|
||||||
{
|
{
|
||||||
#ifdef VERBOSE
|
#ifdef VERBOSE
|
||||||
|
|
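Review bot: The results of `X509_LOOKUP_load_file()` and `X509_LOOKUP_add_dir()` are discarded and a NULL `lookup` is skipped silently, so the "CRLs from '%s'" message is printed and the store is installed even when no CRL source was actually loaded. The `store == NULL` branch and the `#else` branch for old OpenSSL likewise only warn and carry on, which leaves a driver that was configured for revocation checking running without it; in the `#else` case `store` is also never attached to the context or freed. An operator who sets `tls_crlfile` or `tls_crldirectory` expects revoked certificates to be rejected, so I would treat any of these failures as a start-up error, as sketched below. The trailing `else` that prints "CRL checking disabled" cannot be reached inside the outer `if`, and `tls_global_init` starts and ends outside the hunk, so what `ssl_init_err` cleans up should be confirmed before reusing it here.

```c
        X509_STORE *store = X509_STORE_new();
        int crl_ok = (store != NULL);

        if (crl_ok && tls_crlfile != NULL)
        {
            X509_LOOKUP *lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
            /* load_file reports failure (missing, unreadable or malformed file) as <= 0 */
            crl_ok = lookup != NULL
                  && X509_LOOKUP_load_file(lookup, tls_crlfile, X509_FILETYPE_PEM) > 0;
        }
        if (crl_ok && tls_crldirectory != NULL)
        {
            X509_LOOKUP *lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
            crl_ok = lookup != NULL
                  && X509_LOOKUP_add_dir(lookup, tls_crldirectory, X509_FILETYPE_PEM) > 0;
        }
        if (!crl_ok)
        {
            /* Revocation checking was requested but could not be set up:
             * refuse to start instead of running without it. */
            printf("%s TLS: Error: could not load the configured CRLs.\n"
                  , time_stamp());
            if (store != NULL)
                X509_STORE_free(store);
            goto ssl_init_err;
        }
        /* … unchanged: X509_STORE_set_flags, SSL_CTX_set_cert_store, log messages … */
```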