From: Jouni Malinen <j@w1.fi>
Date: Mon, 11 Feb 2019 12:00:13 +0000 (+0200)
Subject: OpenSSL: Fix uninitialized variable in CRL reloading corner case
X-Git-Tag: hostap_2_8~374
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=91205c8eb4e63ccc712edb8024f53fee15acb58e;p=thirdparty%2Fhostap.git

OpenSSL: Fix uninitialized variable in CRL reloading corner case

The flags variable needs to be initialized to 0 if check_crl is 0 in
the updated configuration.

Fixes: 159a7fbdeafe ("crl_reload_interval: Add CRL reloading support")
Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index d8422d25d..18d76737e 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -329,8 +329,7 @@ static X509_STORE * tls_crl_cert_reload(const char *ca_cert, int check_crl)
 		return NULL;
 	}
 
-	if (check_crl)
-		flags = X509_V_FLAG_CRL_CHECK;
+	flags = check_crl ? X509_V_FLAG_CRL_CHECK : 0;
 	if (check_crl == 2)
 		flags |= X509_V_FLAG_CRL_CHECK_ALL;