search for: x509_v_err_crl_has_expir

Displaying 1 result from an estimated 1 matches for "x509_v_err_crl_has_expir".

2013 Apr 07
1
ssl_require_crl does not work as expected
.... I did not find a solution either in the wiki or anywhere else, so I finally started to read the source. My impression is that openssl will always try to use CRLs. If "ssl_require_crl = no", dovecot will use CRLs but tries to ignore openssl error codes X509_V_ERR_UNABLE_TO_GET_CRL and X509_V_ERR_CRL_HAS_EXPIRED. This is done in ssl_verify_client_cert() in ssl-proxy-openssl.c line 871, namely i_info("proxy=%d, require_crl=%d, error=%d", proxy->client_proxy, proxy->set->ssl_require_crl, ctx->error); if (proxy->client_proxy && !proxy->set->ssl_require_crl &...