S2S-SSL/GnuTLS: Enable CRL verification

author Christoph Biedl <ngircd.anoy@manchmal.in-ulm.de>

Sat, 30 Mar 2024 23:36:53 +0000 (00:36 +0100)

committer Alexander Barton <alex@barton.de>

Sun, 31 Mar 2024 09:19:48 +0000 (11:19 +0200)
author Christoph Biedl <ngircd.anoy@manchmal.in-ulm.de>
Sat, 30 Mar 2024 23:36:53 +0000 (00:36 +0100)
committer Alexander Barton <alex@barton.de>
Sun, 31 Mar 2024 09:19:48 +0000 (11:19 +0200)
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c

index ea0e3d1b19a05c88fda234e9a06c12153e8df34b..13b799536bac172c2d88d30b75f1aa5ae006510d 100644 (file)
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -518,6 +518,7 @@ ConnSSL_LoadServerKey_gnutls(void)
                 return false;
  
         gnutls_certificate_set_dh_params(x509_cred, dh_params);
+       gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_VERIFY_CRLS);
  
         cert_file = Conf_SSLOptions.CertFile ?
                         Conf_SSLOptions.CertFile : Conf_SSLOptions.KeyFile;
author	Christoph Biedl <ngircd.anoy@manchmal.in-ulm.de>
	Sat, 30 Mar 2024 23:36:53 +0000 (00:36 +0100)
committer	Alexander Barton <alex@barton.de>
	Sun, 31 Mar 2024 09:19:48 +0000 (11:19 +0200)