mod_ssl: Add no_crl_for_cert_ok flag to SSLCARevocationCheck directive

to opt-in previous behaviour (2.2) with CRLs verification when checking certificate(s) with no corresponding CRL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1734561 13f79535-47bb-0310-9956-ffa450edef68
2025-08-05 16:55:50 +03:00 · 2016-03-11 13:51:17 +00:00
parent cdfb2f5fd6
commit bafafe600b
7 changed files with 100 additions and 21 deletions
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -229,6 +229,13 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
            sc->fips = FALSE;
        }
 #endif
+
+        if (sc->server && sc->server->crl_check_flags == UNSET) {
+            sc->server->crl_check_flags = 0;
+        }
+        if (sc->proxy && sc->proxy->crl_check_flags == UNSET) {
+            sc->proxy->crl_check_flags = 0;
+        }
    }

 #if APR_HAS_THREADS