mirror of
git://git.psyced.org/git/psyclpc
synced 2024-08-15 03:20:16 +00:00
tls crl patch from fippo
parent
f90051b4d6
commit
417f1703c6
1 changed files with 70 additions and 0 deletions
|
@ -411,6 +411,76 @@ tls_global_init (void)
|
|||
goto ssl_init_err;
|
||||
}
|
||||
|
||||
if (tls_crlfile != NULL || tls_crldirectory != NULL)
|
||||
{
|
||||
X509_STORE *store = X509_STORE_new();
|
||||
if (store != NULL)
|
||||
{
|
||||
if (tls_crlfile != NULL)
|
||||
{
|
||||
X509_LOOKUP *lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
|
||||
if (lookup != NULL)
|
||||
X509_LOOKUP_load_file(lookup, tls_crlfile, X509_FILETYPE_PEM);
|
||||
}
|
||||
if (tls_crldirectory != NULL)
|
||||
{
|
||||
X509_LOOKUP *lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
|
||||
if (lookup != NULL)
|
||||
X509_LOOKUP_add_dir(lookup, tls_crldirectory, X509_FILETYPE_PEM);
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
|
||||
SSL_CTX_set_cert_store(context, store);
|
||||
if (tls_crlfile != NULL && tls_crldirectory != NULL)
|
||||
{
|
||||
printf("%s TLS: (OpenSSL) CRLs from '%s' and '%s'.\n"
|
||||
, time_stamp(), tls_crlfile, tls_crldirectory);
|
||||
debug_message("%s TLS: (OpenSSL) CRLs from '%s' and '%s'.\n"
|
||||
, time_stamp(), tls_crlfile, tls_crldirectory);
|
||||
}
|
||||
else if (tls_crlfile != NULL)
|
||||
{
|
||||
printf("%s TLS: (OpenSSL) CRLs from '%s'.\n"
|
||||
, time_stamp(), tls_crlfile);
|
||||
debug_message("%s TLS: (OpenSSL) CRLs from '%s'.\n"
|
||||
, time_stamp(), tls_crlfile);
|
||||
}
|
||||
else if (tls_crldirectory != NULL)
|
||||
{
|
||||
printf("%s TLS: (OpenSSL) CRLs from '%s'.\n"
|
||||
, time_stamp(), tls_crldirectory);
|
||||
debug_message("%s TLS: (OpenSSL) CRLs from '%s'.\n"
|
||||
, time_stamp(), tls_crldirectory);
|
||||
}
|
||||
else
|
||||
{
|
||||
printf("%s TLS: (OpenSSL) CRL checking disabled.\n"
|
||||
, time_stamp());
|
||||
debug_message("%s TLS: (OpenSSL) CRL checking disabled.\n"
|
||||
, time_stamp());
|
||||
}
|
||||
#else
|
||||
printf("%s TLS: Warning: Your OpenSSL version does not support "
|
||||
"Certificate revocation list checking\n"
|
||||
, time_stamp());
|
||||
debug_message("%s TLS: Warning: Your OpenSSL version does not "
|
||||
"support Certificate revocation list checking\n"
|
||||
, time_stamp());
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
printf("%s TLS: Warning: There was a problem getting the "
|
||||
"storage context from OpenSSL. Certificate revocation "
|
||||
"list checking is not enabled.\n"
|
||||
, time_stamp());
|
||||
debug_message("%s TLS: Warning: There was a problem getting the "
|
||||
"storage context from OpenSSL. Certificate revocation "
|
||||
"list checking is not enabled.\n"
|
||||
, time_stamp());
|
||||
}
|
||||
}
|
||||
|
||||
if (!SSL_CTX_load_verify_locations(context, trustfile, trustdirectory))
|
||||
{
|
||||
#ifdef VERBOSE
|
||||
|
|
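Review bot: The results of `X509_LOOKUP_load_file()` and `X509_LOOKUP_add_dir()` in the two lookup blocks are discarded and a NULL `lookup` is skipped silently, so a missing, unreadable or malformed CRL source is still followed by the "CRLs from '...'" message. Since `X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL` is set regardless, a store holding no usable CRL would normally make peer verification fail for lack of a CRL, with nothing in the startup log to explain it. The `#else` and `store == NULL` branches go the other way: a configured CRL source is reduced to a warning and startup continues without revocation checking, and the `#else` path also never frees or attaches `store`. I would check both calls and treat a failure as an init error, as sketched below for the file case (the directory case is analogous), and drop the final `else` ("CRL checking disabled"), which cannot be reached inside the outer `if`. `tls_global_init` begins and ends outside the hunk, so what `ssl_init_err` cleans up is not visible here and should be confirmed before reusing it.

```c
if (tls_crlfile != NULL)
{
    X509_LOOKUP *lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
    /* A CRL source that was configured but cannot be loaded is an error,
     * not something to log as active.
     */
    if (lookup == NULL
     || !X509_LOOKUP_load_file(lookup, tls_crlfile, X509_FILETYPE_PEM))
    {
        printf("%s TLS: Error: Can't load CRL file '%s'.\n"
              , time_stamp(), tls_crlfile);
        debug_message("%s TLS: Error: Can't load CRL file '%s'.\n"
                     , time_stamp(), tls_crlfile);
        X509_STORE_free(store); /* not yet owned by the SSL_CTX */
        goto ssl_init_err;
    }
}
/* ... unchanged apart from the same check: tls_crldirectory lookup ... */
```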