diff --git a/libmariadb/secure/gnutls.c b/libmariadb/secure/gnutls.c
index 97db72a3..3cd13471 100644
--- a/libmariadb/secure/gnutls.c
+++ b/libmariadb/secure/gnutls.c
@@ -1060,7 +1060,7 @@ static int ma_gnutls_set_ciphers(gnutls_session_t ssl,
 char priority[1024];
 char *p= get_priority(token, priority, 1024);
 if (p)
- strncat(prio, p, PRIO_SIZE - strlen(prio) - 1);
+ strncat(prio, p, PRIO_SIZE - strlen(prio));
 token = strtok(NULL, ":");
 }
 return gnutls_priority_set_direct(ssl, prio , &err);
@@ -1090,6 +1090,14 @@ static int ma_tls_set_certs(MYSQL *mysql,
 goto error;
 }
+ if (mysql->options.extension && mysql->options.extension->ssl_crl)
+ {
+ ssl_error= gnutls_certificate_set_x509_crl_file(ctx,
+ mysql->options.extension->ssl_crl, GNUTLS_X509_FMT_PEM);
+ if (ssl_error < 0)
+ goto error;
+ }
+
 if (!mysql->options.ssl_ca && !mysql->options.ssl_capath)
 {
 ssl_error= gnutls_certificate_set_x509_system_trust(ctx);
@@ -1144,9 +1152,7 @@ void *ma_tls_init(MYSQL *mysql)
 data->mysql= mysql;
 gnutls_session_set_ptr(ssl, (void *)data);
- /*
- gnutls_certificate_set_retrieve_function2(GNUTLS_xcred, client_cert_callback);
- */
+
 ssl_error= ma_gnutls_set_ciphers(ssl, mysql->options.ssl_cipher, mysql->options.extension ? mysql->options.extension->tls_version : NULL);
 if (ssl_error < 0)
 goto error;
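Review bot: In ma_gnutls_set_ciphers the new bound `PRIO_SIZE - strlen(prio)` no longer reserves a byte for the terminator: strncat appends up to n bytes and then writes a NUL, so with n equal to the remaining space the NUL can land one byte past the end of `prio`. That holds if `prio` is declared with PRIO_SIZE bytes; its declaration is outside the hunk, so confirm it before merging. The earlier form should stay, `strncat(prio, p, PRIO_SIZE - strlen(prio) - 1);`. Separately, a priority string that does not fit is cut off silently before it reaches gnutls_priority_set_direct; returning an error when the remaining space is smaller than `strlen(p)` would be safer than negotiating with a truncated cipher list.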
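Review bot: The CRL block added to ma_tls_set_certs accepts any non-negative return, but gnutls_certificate_set_x509_crl_file returns the number of CRLs processed, so a configured ssl_crl file that yields zero CRLs would leave revocation checking inactive without any error. Consider treating a zero count as a failure; what the `error` label reports for a non-negative ssl_error is outside the hunk, so an explicit error code may be needed there. The format is fixed to GNUTLS_X509_FMT_PEM, which deserves a comment such as `/* CRL file must be PEM encoded; DER is not accepted */`. If the client options also carry a CRL directory setting, it is not handled in this hunk.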