From 06fa261207f0f0625c52fa977b96e5875e9a91e0 Mon Sep 17 00:00:00 2001
From: Milind Changire <mchangir@redhat.com>
Date: Thu, 14 Mar 2019 10:55:52 +0530
Subject: socket/ssl: fix crl handling

Problem:
Just setting the path to the CRL directory in socket_init() wasn't working.

Solution:
Need to use special API to retrieve and set X509_VERIFY_PARAM and set
the CRL checking flags explicitly.
Also, setting the CRL checking flags is a big pain, since the connection
is declared as failed if any CRL isn't found in the designated file or
directory. A comment has been added to the code appropriately.

Change-Id: I8a8ed2ddaf4b5eb974387d2f7b1a85c1ca39fe79
fixes: bz#1687326
Signed-off-by: Milind Changire <mchangir@redhat.com>
---
 configure.ac | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index a4cec90afbf..89e330aaada 100644
--- a/configure.ac
+++ b/configure.ac
@@ -489,6 +489,8 @@ AC_CHECK_HEADERS([openssl/dh.h])
 
 AC_CHECK_HEADERS([openssl/ecdh.h])
 
+AC_CHECK_LIB([ssl], [SSL_CTX_get0_param], [AC_DEFINE([HAVE_SSL_CTX_GET0_PARAM], [1], [define if found OpenSSL SSL_CTX_get0_param])])
+
 dnl Math library
 AC_CHECK_LIB([m], [pow], [MATH_LIB='-lm'], [MATH_LIB=''])
 AC_SUBST(MATH_LIB)
-- 
cgit