Mercurial > dovecot > core-2.2
changeset 22917:827eab50e33a
login-common: If no CRL check is required, allow revoked certs
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Wed, 28 Feb 2018 14:22:44 +0200 |
parents | 432635b3ef52 |
children | 6ca30380a3f5 |
files | src/login-common/ssl-proxy-openssl.c |
diffstat | 1 files changed, 2 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/login-common/ssl-proxy-openssl.c Wed Feb 28 14:22:04 2018 +0200 +++ b/src/login-common/ssl-proxy-openssl.c Wed Feb 28 14:22:44 2018 +0200 @@ -917,7 +917,8 @@ if (!proxy->login_set->ssl_require_crl && (ctxerr == X509_V_ERR_UNABLE_TO_GET_CRL || - ctxerr == X509_V_ERR_CRL_HAS_EXPIRED)) { + ctxerr == X509_V_ERR_CRL_HAS_EXPIRED || + ctxerr == X509_V_ERR_CERT_REVOKED)) { /* no CRL given with the CA list. don't worry about it. */ preverify_ok = 1; }