dovecot-2.0: login proxy: Don't fail connection if CRL isn't fou...

dovecot at dovecot.org dovecot at dovecot.org
Thu Nov 17 00:41:51 EET 2011


details:   http://hg.dovecot.org/dovecot-2.0/rev/4294e9136cd6
changeset: 12979:4294e9136cd6
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Nov 17 00:41:15 2011 +0200
description:
login proxy: Don't fail connection if CRL isn't found for some certificate.

diffstat:

 src/login-common/ssl-proxy-openssl.c |  4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diffs (14 lines):

diff -r de8715e4d793 -r 4294e9136cd6 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Wed Nov 16 23:40:03 2011 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Thu Nov 17 00:41:15 2011 +0200
@@ -929,6 +929,10 @@
 		else
 			i_info("Valid certificate: %s", buf);
 	}
+	if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL && proxy->client_proxy) {
+		/* no CRL given with the CA list. don't worry about it. */
+		preverify_ok = 1;
+	}
 	if (!preverify_ok)
 		proxy->cert_broken = TRUE;
 


More information about the dovecot-cvs mailing list