Set X509_V_FLAG_CRL_CHECK_ALL
[freeradius.git] / src / modules / rlm_eap / types / rlm_eap_tls / rlm_eap_tls.c
index a958d04..aac26bc 100644 (file)
@@ -120,6 +120,8 @@ static CONF_PARSER module_config[] = {
          offsetof(EAP_TLS_CONF, include_length), NULL, "yes" },
        { "check_crl", PW_TYPE_BOOLEAN,
          offsetof(EAP_TLS_CONF, check_crl), NULL, "no"},
+       { "check_all_crl", PW_TYPE_BOOLEAN,
+         offsetof(EAP_TLS_CONF, check_all_crl), NULL, "no"},
        { "allow_expired_crl", PW_TYPE_BOOLEAN,
          offsetof(EAP_TLS_CONF, allow_expired_crl), NULL, NULL},
        { "check_cert_cn", PW_TYPE_STRING_PTR,
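Review bot: The new `check_all_crl` entry carries no documentation, and its effect is not obvious from the name: with X509_V_FLAG_CRL_CHECK_ALL OpenSSL checks the revocation status of every certificate in the chain rather than only the client certificate, so a CRL must be loadable for each issuing CA (including the root) or verification of every client fails. A short comment above the entry, `/* CRL-check the intermediate and root CAs too; needs a CRL for every CA in the chain */`, would tell an operator what enabling it commits them to. The module_config table continues outside the hunk.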
@@ -976,6 +978,10 @@ static X509_STORE *init_revocation_store(EAP_TLS_CONF *conf)
        if (conf->check_crl)
                X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
 #endif
+#ifdef X509_V_FLAG_CRL_CHECK_ALL
+       if (conf->check_all_crl)
+               X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK_ALL);
+#endif
        return store;
 }
 #endif /* HAVE_OPENSSL_OCSP_H */
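Review bot: Setting `X509_V_FLAG_CRL_CHECK_ALL` by itself does not turn on revocation checking: OpenSSL consults CRLs only when `X509_V_FLAG_CRL_CHECK` is set, and CRL_CHECK_ALL merely widens that check from the leaf to the whole chain. As the new block is written, `check_all_crl = yes` together with `check_crl = no` performs no CRL check at all, which an operator would reasonably read as the stronger setting. Either tie the flag to the existing one, `if (conf->check_crl && conf->check_all_crl)`, or reject that combination when the configuration is parsed so the mistake is visible rather than silent; the later hunk in init_tls_ctx appears to sit inside the branch that already set CRL_CHECK, so it is presumably unaffected, but that branch's head is not visible. Since the whole block is under `#ifdef X509_V_FLAG_CRL_CHECK_ALL`, it would also help to log when the option is set but the build lacks the flag. The body of init_revocation_store begins outside the hunk.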
@@ -1240,6 +1246,10 @@ static SSL_CTX *init_tls_ctx(EAP_TLS_CONF *conf)
            return NULL;
          }
          X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
+
+         if (conf->check_all_crl) {
+                 X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK_ALL);
+         }
        }
 #endif