changeset 22917:827eab50e33a

login-common: If no CRL check is required, allow revoked certs
author Aki Tuomi <aki.tuomi@dovecot.fi>
date Wed, 28 Feb 2018 14:22:44 +0200
parents 432635b3ef52
children 6ca30380a3f5
files src/login-common/ssl-proxy-openssl.c
diffstat 1 files changed, 2 insertions(+), 1 deletions(-) [+]
--- a/src/login-common/ssl-proxy-openssl.c	Wed Feb 28 14:22:04 2018 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Wed Feb 28 14:22:44 2018 +0200
@@ -917,7 +917,8 @@
 
 	if (!proxy->login_set->ssl_require_crl &&
 	    (ctxerr == X509_V_ERR_UNABLE_TO_GET_CRL ||
-	     ctxerr == X509_V_ERR_CRL_HAS_EXPIRED)) {
+	     ctxerr == X509_V_ERR_CRL_HAS_EXPIRED ||
+	     ctxerr == X509_V_ERR_CERT_REVOKED)) {
 		/* no CRL given with the CA list. don't worry about it. */
 		preverify_ok = 1;
 	}
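Review bot: Adding `X509_V_ERR_CERT_REVOKED` to this override means that with `ssl_require_crl` off, a certificate that a loaded CRL explicitly lists as revoked still gets `preverify_ok = 1`. That is a different case from the CRL being missing or expired. The retained comment `/* no CRL given with the CA list. don't worry about it. */` no longer describes the branch, since a revocation error presumably arises only when a CRL was actually available. I would reword it to something like `/* ssl_require_crl=no: CRL errors, including an explicit revocation, are ignored */` and log the overridden revocation separately, so operators can see that a revoked certificate was accepted. The enclosing verify callback starts and ends outside the hunk, so whether the result is already logged elsewhere cannot be seen here.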