From cc2398b811852bdfdc0f18d4b2799072b782861e Mon Sep 17 00:00:00 2001
From: Matthew Newton <mcn4@leicester.ac.uk>
Date: Mon, 10 Nov 2014 23:39:09 +0000
Subject: [PATCH] disable softfail by default (in line with documentation)

---
 src/main/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/tls.c b/src/main/tls.c
index 8055088..d5a0f5a 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -917,7 +917,7 @@ static CONF_PARSER ocsp_config[] = {
 	{ "url", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, ocsp_url), NULL },
 	{ "use_nonce", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, ocsp_use_nonce), "yes" },
 	{ "timeout", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, ocsp_timeout), "yes" },
-	{ "softfail", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, ocsp_softfail), "yes" },
+	{ "softfail", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, ocsp_softfail), "no" },
 	{ NULL, -1, 0, NULL, NULL }	   /* end the list */
 };
 #endif
-- 
2.1.4