2006 Jun 01
ssl-proxy: client certificates and crl check
...{ i_warning("CERT: %s",buf); } /* logging */
- return 1;
+ return preverify_ok;
+ /* HJHJ */
+
}
static int
@@ -666,10 +684,20 @@
if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL) {
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER |
- SSL_VERIFY_CLIENT_ONCE,
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
ssl_verify_client_cert);
}
+ /* HJHJ */
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ X509_STORE *store;
+ if( (store=SSL_CTX_get_cert_store(ssl_ctx)) != NULL )
+ { X509_STORE_set_flags( store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); }
+ else
+ { i_warning("X509 ge...