login-common: If no CRL check is required, allow revoked certs
authorAki Tuomi <aki.tuomi@dovecot.fi>
Wed, 28 Feb 2018 12:22:44 +0000 (14:22 +0200)
committerAki Tuomi <aki.tuomi@dovecot.fi>
Mon, 23 Apr 2018 11:36:12 +0000 (14:36 +0300)
src/login-common/ssl-proxy-openssl.c

index 586cb49eb485986db0e7792a4e3e0ca6f01de8ca..424ef70703093b1cf5297be2c0c99d534549f6f7 100644 (file)
@@ -917,7 +917,8 @@ static int ssl_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx)
 
        if (!proxy->login_set->ssl_require_crl &&
            (ctxerr == X509_V_ERR_UNABLE_TO_GET_CRL ||
-            ctxerr == X509_V_ERR_CRL_HAS_EXPIRED)) {
+            ctxerr == X509_V_ERR_CRL_HAS_EXPIRED ||
+            ctxerr == X509_V_ERR_CERT_REVOKED)) {
                /* no CRL given with the CA list. don't worry about it. */
                preverify_ok = 1;
        }
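Review bot: The added `X509_V_ERR_CERT_REVOKED` case differs from the two beside it: OpenSSL reports it only when a CRL was found and lists the certificate, so the retained comment "no CRL given with the CA list" is wrong for this case, and with `ssl_require_crl` off a client certificate that the CA has positively revoked now gets `preverify_ok = 1`. If that is the intended meaning of the setting, the comment should say so, e.g. `/* ssl_require_crl=no: CRL missing or expired, or cert is listed as revoked; accept anyway */`, and the setting's documentation should state that disabling it also disables revocation enforcement when a CRL is loaded. Nothing in the hunk logs the override, so an accepted revoked certificate leaves no trace at this point; a warning naming the certificate subject would give operators something to detect on. The rest of ssl_verify_client_cert lies outside the hunk, so later logging or handling may exist there.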