# HG changeset patch
# User Aki Tuomi <aki.tuomi@dovecot.fi>
# Date 1519820524 -7200
# Node ID 432635b3ef52b0c10f1ff144747765bd250e597b
# Parent  087aeff6bd2ae689642ceffec6795905aaac7fcb
login-common: ssl_require_crl works both ways

It applies for incoming and outgoing connections.

diff -r 087aeff6bd2a -r 432635b3ef52 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Wed Feb 28 13:29:51 2018 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Wed Feb 28 14:22:04 2018 +0200
@@ -915,7 +915,7 @@
 	proxy->cert_received = TRUE;
 	ctxerr = X509_STORE_CTX_get_error(ctx);
 
-	if (proxy->client_proxy && !proxy->login_set->ssl_require_crl &&
+	if (!proxy->login_set->ssl_require_crl &&
 	    (ctxerr == X509_V_ERR_UNABLE_TO_GET_CRL ||
 	     ctxerr == X509_V_ERR_CRL_HAS_EXPIRED)) {
 		/* no CRL given with the CA list. don't worry about it. */