From 45d8a4c9c08cc6233b863091317197b55bf9e00a Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Tue, 15 Mar 2016 19:13:36 +0000
Subject: [PATCH] mod_ssl: follow up to r1734561. Use the right crl_check_flags
 in ssl_callback_SSLVerify(), can be either a client or proxy connection here.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1735159 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_kernel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 952c92e6e0..025a95a870 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1635,7 +1635,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
     }
 
     if (!ok && errnum == X509_V_ERR_UNABLE_TO_GET_CRL
-            && (sc->server->crl_check_flags & MODSSL_CCF_NO_CRL_FOR_CERT_OK)) {
+            && (mctx->crl_check_flags & MODSSL_CCF_NO_CRL_FOR_CERT_OK)) {
         errnum = X509_V_OK;
         ok = TRUE;
     }