summaryrefslogtreecommitdiff
path: root/modules/ssl/ssl_engine_init.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/ssl/ssl_engine_init.c')
-rw-r--r--modules/ssl/ssl_engine_init.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 797fbd12..9adca48a 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -787,14 +787,20 @@ static apr_status_t ssl_init_ctx_crl(server_rec *s,
X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
unsigned long crlflags = 0;
char *cfgp = mctx->pkp ? "SSLProxy" : "SSL";
+ int crl_check_mode;
+
+ if (mctx->crl_check_mask == UNSET) {
+ mctx->crl_check_mask = SSL_CRLCHECK_NONE;
+ }
+ crl_check_mode = mctx->crl_check_mask & ~SSL_CRLCHECK_FLAGS;
/*
* Configure Certificate Revocation List (CRL) Details
*/
if (!(mctx->crl_file || mctx->crl_path)) {
- if (mctx->crl_check_mode == SSL_CRLCHECK_LEAF ||
- mctx->crl_check_mode == SSL_CRLCHECK_CHAIN) {
+ if (crl_check_mode == SSL_CRLCHECK_LEAF ||
+ crl_check_mode == SSL_CRLCHECK_CHAIN) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01899)
"Host %s: CRL checking has been enabled, but "
"neither %sCARevocationFile nor %sCARevocationPath "
@@ -816,7 +822,7 @@ static apr_status_t ssl_init_ctx_crl(server_rec *s,
return ssl_die(s);
}
- switch (mctx->crl_check_mode) {
+ switch (crl_check_mode) {
case SSL_CRLCHECK_LEAF:
crlflags = X509_V_FLAG_CRL_CHECK;
break;
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 12:37:59 +0000