offsetof(EAP_TLS_CONF, include_length), NULL, "yes" },
{ "check_crl", PW_TYPE_BOOLEAN,
offsetof(EAP_TLS_CONF, check_crl), NULL, "no"},
+ { "check_all_crl", PW_TYPE_BOOLEAN,
+ offsetof(EAP_TLS_CONF, check_all_crl), NULL, "no"},
{ "allow_expired_crl", PW_TYPE_BOOLEAN,
offsetof(EAP_TLS_CONF, allow_expired_crl), NULL, NULL},
{ "check_cert_cn", PW_TYPE_STRING_PTR,
if (conf->check_crl)
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
#endif
+#ifdef X509_V_FLAG_CRL_CHECK_ALL
+ if (conf->check_all_crl)
+ X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK_ALL);
+#endif
return store;
}
#endif /* HAVE_OPENSSL_OCSP_H */
return NULL;
}
X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
+
+ if (conf->check_all_crl) {
+ X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK_ALL);
+ }
}
#endif