socket/ssl: fix crl handling

Problem: Just setting the path to the CRL directory in socket_init() wasn't working. Solution: Need to use special API to retrieve and set X509_VERIFY_PARAM and set the CRL checking flags explicitly. Also, setting the CRL checking flags is a big pain, since the connection is declared as failed if any CRL isn't found in the designated file or directory. A comment has been added to the code appropriately. Change-Id: I8a8ed2ddaf4b5eb974387d2f7b1a85c1ca39fe79 fixes: bz#1687326 Signed-off-by: Milind Changire <mchangir@redhat.com>
author: Milind Changire <mchangir@redhat.com> 2019-03-14 10:55:52 +0530
committer: Raghavendra G <rgowdapp@redhat.com> 2019-03-19 09:38:28 +0000
commit: 06fa261207f0f0625c52fa977b96e5875e9a91e0 (patch)
tree: a8d5e215d7fdbbc52c4dac8a4baffde1f0978bf7 /configure.ac
parent: 43092dfd25295aba9d2426a82ea4027e08a7a2c5 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index a4cec90afbf..89e330aaada 100644
--- a/configure.ac
+++ b/configure.ac
@@ -489,6 +489,8 @@ AC_CHECK_HEADERS([openssl/dh.h])
 
 AC_CHECK_HEADERS([openssl/ecdh.h])
 
+AC_CHECK_LIB([ssl], [SSL_CTX_get0_param], [AC_DEFINE([HAVE_SSL_CTX_GET0_PARAM], [1], [define if found OpenSSL SSL_CTX_get0_param])])
+
 dnl Math library
 AC_CHECK_LIB([m], [pow], [MATH_LIB='-lm'], [MATH_LIB=''])
 AC_SUBST(MATH_LIB)
author	Milind Changire <mchangir@redhat.com>	2019-03-14 10:55:52 +0530
committer	Raghavendra G <rgowdapp@redhat.com>	2019-03-19 09:38:28 +0000
commit	06fa261207f0f0625c52fa977b96e5875e9a91e0 (patch)
tree	a8d5e215d7fdbbc52c4dac8a4baffde1f0978bf7 /configure.ac
parent	43092dfd25295aba9d2426a82ea4027e08a7a2c5 (diff)