Displaying 2 results from an estimated 2 matches for "ssl_iostream_ctx_verify_remote_cert".
2013 Apr 07
1
ssl_require_crl does not work as expected
..._set_flags(store, X509_V_FLAG_CRL_CHECK |
// X509_V_FLAG_CRL_CHECK_ALL);
This tells OpenSSL not to check CRLs. Of course in production code this
should be done only if "ssl_require_crl = no".
Similar code is contained in iostream-openssl-context.c,
namely in routine ssl_iostream_ctx_verify_remote_cert()
Is this a bug?
Peter
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
...LL)
- xname = X509_NAME_dup(xname);
- if (xname != NULL)
- sk_X509_NAME_push(xnames, xname);
- }
- if(itmp->crl)
- X509_STORE_add_crl(store, itmp->crl);
+ } else {
+ return 0;
}
- sk_X509_INFO_pop_free(inf, X509_INFO_free);
- *xnames_r = xnames;
- return 0;
+
}
static void
-ssl_iostream_ctx_verify_remote_cert(struct ssl_iostream_context *ctx,
- STACK_OF(X509_NAME) *ca_names)
+ssl_iostream_ctx_verify_remote_cert(struct ssl_iostream_context *ctx)
{
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
X509_STORE *store;
@@ -274,8 +251,6 @@
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK |
X...