dovecot-2.1: *-login: Don't fail client's certificate if CRL is ...
dovecot at dovecot.org
Wed Apr 25 21:32:08 EEST 2012
details: http://hg.dovecot.org/dovecot-2.1/rev/c2b7767afc38
changeset: 14481:c2b7767afc38
user: Timo Sirainen <tss at iki.fi>
date: Wed Apr 25 21:29:14 2012 +0300
description:
*-login: Don't fail client's certificate if CRL is expired.
This seems to be returned also when there is no CRL..
diffstat:
src/login-common/ssl-proxy-openssl.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diffs (14 lines):
diff -r 36cde186aec6 -r c2b7767afc38 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Wed Apr 25 21:28:16 2012 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Wed Apr 25 21:29:14 2012 +0300
@@ -864,7 +864,9 @@
proxy = SSL_get_ex_data(ssl, extdata_index);
proxy->cert_received = TRUE;
- if (proxy->client_proxy && ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) {
+ if (proxy->client_proxy &&
+ (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL ||
+ ctx->error == X509_V_ERR_CRL_HAS_EXPIRED)) {
/* no CRL given with the CA list. don't worry about it. */
preverify_ok = 1;
}
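Review bot: The added X509_V_ERR_CRL_HAS_EXPIRED case in the condition sets preverify_ok = 1 under a comment that still reads "no CRL given with the CA list", but an expired CRL is a different state from a missing one: a CRL was supplied and its data is stale, so a certificate revoked after the last CRL refresh would be accepted. The commit message says the code "seems to be returned also when there is no CRL", which reads as observed rather than confirmed behaviour; if the two cases cannot be told apart at this point, the comment should say that explicitly, and the override should log a warning naming ctx->error so an operator can see that revocation checking ran against stale or absent data. It is also worth confirming that gating on proxy->client_proxy matches the "client's certificate" wording in the commit subject, since the visible lines do not show which side of the connection that flag denotes.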