Commit a5300584be18c28b4248c5e2c2de1dc02a3e982a
1 parent
451f0c31
Exists in
master
and in
3 other branches
Adding "./configure" option to allow use of expired CRL.
Showing
3 changed files
with
19 additions
and
0 deletions
Show diff stats
configure.ac
... | ... | @@ -353,6 +353,19 @@ if test "$app_cv_self_signed_certs" == "yes"; then |
353 | 353 | AC_DEFINE(SSL_ALLOW_SELF_SIGNED_CERT) |
354 | 354 | fi |
355 | 355 | |
356 | +AC_ARG_ENABLE([expired-crl], | |
357 | + [AS_HELP_STRING([--disable-expired-crl], [disable SSL connection when host presents an expired certificate revocation list])], | |
358 | +[ | |
359 | + app_cv_expired_crl="$enableval" | |
360 | +],[ | |
361 | + app_cv_expired_crl="no" | |
362 | +]) | |
363 | + | |
364 | +if test "$app_cv_expired_crl" == "yes"; then | |
365 | + AC_DEFINE(SSL_ALLOW_EXPIRED_CRL) | |
366 | +fi | |
367 | + | |
368 | + | |
356 | 369 | AC_ARG_ENABLE([ssl-crl-check], |
357 | 370 | [AS_HELP_STRING([--enable-ssl-crl-check], [Enable use of SSL Certificate Revocation List])], |
358 | 371 | [ | ... | ... |
src/include/config.h.in
src/lib3270/ssl/negotiate.c
... | ... | @@ -194,10 +194,15 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) |
194 | 194 | |
195 | 195 | case X509_V_ERR_CRL_HAS_EXPIRED: |
196 | 196 | trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" ); |
197 | + | |
198 | +#ifdef SSL_ALLOW_EXPIRED_CRL | |
199 | + break; | |
200 | +#else | |
197 | 201 | ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" ); |
198 | 202 | ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." ); |
199 | 203 | ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." ); |
200 | 204 | return -1; |
205 | +#endif // SSL_ALLOW_EXPIRED_CRL | |
201 | 206 | |
202 | 207 | case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: |
203 | 208 | ... | ... |