authorMilind Changire <mchangir@redhat.com>2019-03-14 10:55:52 +0530
committerRaghavendra G <rgowdapp@redhat.com>2019-03-19 09:38:28 +0000
commit06fa261207f0f0625c52fa977b96e5875e9a91e0 (patch)
treea8d5e215d7fdbbc52c4dac8a4baffde1f0978bf7 /rpc/rpc-transport/socket/src/socket.h
parent43092dfd25295aba9d2426a82ea4027e08a7a2c5 (diff)
socket/ssl: fix crl handling
Problem: Just setting the path to the CRL directory in socket_init() wasn't working. Solution: Need to use special API to retrieve and set X509_VERIFY_PARAM and set the CRL checking flags explicitly. Also, setting the CRL checking flags is a big pain, since the connection is declared as failed if any CRL isn't found in the designated file or directory. A comment has been added to the code appropriately. Change-Id: I8a8ed2ddaf4b5eb974387d2f7b1a85c1ca39fe79 fixes: bz#1687326 Signed-off-by: Milind Changire <mchangir@redhat.com>
Diffstat (limited to 'rpc/rpc-transport/socket/src/socket.h')
-rw-r--r--rpc/rpc-transport/socket/src/socket.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h
index 32339d362d2..897d98db698 100644
--- a/rpc/rpc-transport/socket/src/socket.h
+++ b/rpc/rpc-transport/socket/src/socket.h
@@ -14,6 +14,7 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include <openssl/x509_vfy.h>
#ifdef HAVE_OPENSSL_DH_H
#include <openssl/dh.h>
#endif
@@ -245,6 +246,7 @@ typedef struct {
char *ssl_own_cert;
char *ssl_private_key;
char *ssl_ca_list;
+ char *crl_path;
int pipe[2];
struct gf_sock_incoming incoming;
/* -1 = not connected. 0 = in progress. 1 = connected */
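Review bot: The new `crl_path` member has no comment and drops the `ssl_` prefix used by the adjacent `ssl_own_cert`, `ssl_private_key` and `ssl_ca_list` members; `char *ssl_crl_path;` would keep the TLS settings recognisable as one group. The commit message says the CRL location may be a file or a directory and that a connection is declared failed when a CRL cannot be found, so the field should carry a comment stating this, for example `/* CRL file or directory; once set, peer verification fails if a needed CRL is missing */`. Whether the string is owned by this struct and freed at teardown like the other paths cannot be confirmed from this page, because the diff is limited to socket.h and the struct starts and ends outside the hunk; the comment should record that as well.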