login-common: Fix boolean misuse in preverify_ok

Fixes problem where dovecot does not accept revoked cert
when CRL checking has been disabled.

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 947c8ef700fcdf5bee990e75c2a1a5105fd9d352..76d5a26f108a762567fc3ba113b7d6250e045530 100644 (file)
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -921,7 +921,7 @@ static int ssl_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx)
                /* no CRL given with the CA list. don't worry about it. */
                preverify_ok = 1;
        }
-       if (!preverify_ok)
+       if (preverify_ok == 0)
                proxy->cert_broken = TRUE;
 
        subject = X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx));