login-common: ssl_require_crl works both ways

author Aki Tuomi <aki.tuomi@dovecot.fi>

Wed, 28 Feb 2018 12:22:04 +0000 (14:22 +0200)

committer Aki Tuomi <aki.tuomi@dovecot.fi>

Mon, 23 Apr 2018 11:35:52 +0000 (14:35 +0300)
author Aki Tuomi <aki.tuomi@dovecot.fi>
Wed, 28 Feb 2018 12:22:04 +0000 (14:22 +0200)
committer Aki Tuomi <aki.tuomi@dovecot.fi>
Mon, 23 Apr 2018 11:35:52 +0000 (14:35 +0300)
diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c

index 76d5a26f108a762567fc3ba113b7d6250e045530..586cb49eb485986db0e7792a4e3e0ca6f01de8ca 100644 (file)
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -915,7 +915,7 @@ static int ssl_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx)
         proxy->cert_received = TRUE;
         ctxerr = X509_STORE_CTX_get_error(ctx);
  
-       if (proxy->client_proxy && !proxy->login_set->ssl_require_crl &&
+       if (!proxy->login_set->ssl_require_crl &&
             (ctxerr == X509_V_ERR_UNABLE_TO_GET_CRL ||
              ctxerr == X509_V_ERR_CRL_HAS_EXPIRED)) {
                 /* no CRL given with the CA list. don't worry about it. */
author	Aki Tuomi <aki.tuomi@dovecot.fi>
	Wed, 28 Feb 2018 12:22:04 +0000 (14:22 +0200)
committer	Aki Tuomi <aki.tuomi@dovecot.fi>
	Mon, 23 Apr 2018 11:35:52 +0000 (14:35 +0300)