create new cert_store before reloading CAs and CRLs

Conflicts: ChangeLog

create new cert_store before reloading CAs and CRLs
Conflicts: ChangeLog
4fa79aa7 · Fabian Mauchle · Linus Nordberg · 9a565fe0 · 4fa79aa7 · 4fa79aa7
Commit 4fa79aa7 authored Mar 24, 2017 by Fabian Mauchle Committed by Linus Nordberg Aug 01, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

ChangeLog ChangeLog +4 -0

tlscommon.c tlscommon.c +1 -0

No files found.
--- a/ChangeLog
+++ b/ChangeLog
+2017-10-?? 1.6.9
+	Bug fixes:
+	- Completely reload CAs and CRLs with cacheExpiry (RADSECPROXY-50).
+
 2016-09-21 1.6.8
 	Bug fixes:
 	- Stop waiting on writable when reading a TCP socket.

--- a/tlscommon.c
+++ b/tlscommon.c
@@ -158,6 +158,7 @@ static int tlsaddcacrl(SSL_CTX *ctx, struct tls *conf) {
    X509_STORE *x509_s;
    unsigned long error;

+    SSL_CTX_set_cert_store(ctx, X509_STORE_new());
    if (!SSL_CTX_load_verify_locations(ctx, conf->cacertfile, conf->cacertpath)) {
 	while ((error = ERR_get_error()))
 	    debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));