Changeset 809c422 in mod_gnutls for src/gnutls_hooks.c


Ignore:
Timestamp:
Apr 2, 2015, 8:48:19 PM (5 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
bfcff28
Parents:
bd24203
Message:

TLS proxy: Add support for CRLs to back end server verification

When configured as a TLS proxy, mod_gnutls can now use CRLs to check if
the certificate provided by a back end server is still valid. The CRL
file must be provided externally, the new configuration option
"GnuTLSProxyCRLFile" is used to load it.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • src/gnutls_hooks.c

    rbd24203 r809c422  
    18021802        err = gnutls_x509_trust_list_add_trust_file(sc->proxy_x509_tl,
    18031803                                                    sc->proxy_x509_ca_file,
    1804                                                     NULL /* crl_file */,
     1804                                                    sc->proxy_x509_crl_file,
    18051805                                                    GNUTLS_X509_FMT_PEM,
    18061806                                                    0 /* tl_flags */,
Note: See TracChangeset for help on using the changeset viewer.