From: Emeric Brun <ebrun@exceliance.fr>
Date: Tue, 2 Oct 2012 13:20:55 +0000 (+0200)
Subject: BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified.
X-Git-Tag: v1.5-dev13~233
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=561e574e2f6645327b8d535d3f9c6c4029b5a089;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 07be3eaac8..8b62c0acec 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -519,6 +519,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
 				      curproxy->id, bind_conf->cafile, bind_conf->arg, bind_conf->file, bind_conf->line);
 				cfgerr++;
 			}
+			else {
+				X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+			}
 		}
 	}