From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Wed, 28 Feb 2018 11:29:51 +0000 (+0200)
Subject: login-common: Fix boolean misuse in preverify_ok
X-Git-Tag: 2.2.36.rc1~33
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2c3b9d6d05fbbb8f1f260723517a15af6cfa7928;p=thirdparty%2Fdovecot%2Fcore.git

login-common: Fix boolean misuse in preverify_ok

Fixes problem where dovecot does not accept revoked cert
when CRL checking has been disabled.
---

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 947c8ef700..76d5a26f10 100644
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -921,7 +921,7 @@ static int ssl_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx)
 		/* no CRL given with the CA list. don't worry about it. */
 		preverify_ok = 1;
 	}
-	if (!preverify_ok)
+	if (preverify_ok == 0)
 		proxy->cert_broken = TRUE;
 
 	subject = X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx));