aboutsummaryrefslogtreecommitdiffstats
path: root/eap_example/eap_example_server.c
diff options
context:
space:
mode:
authorSam Voss <sam.voss@rockwellcollins.com>2017-08-07 16:26:33 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-31 10:51:51 (GMT)
commitdd5d325b0ac07ef73974b44c6959056030ab68ca (patch)
tree36972e2c099ee1f43e054d752b4baf4fc7221aef /eap_example/eap_example_server.c
parent3518e3623fefa53848614475b128af1c0643a499 (diff)
downloadhostap-dd5d325b0ac07ef73974b44c6959056030ab68ca.zip
hostap-dd5d325b0ac07ef73974b44c6959056030ab68ca.tar.gz
hostap-dd5d325b0ac07ef73974b44c6959056030ab68ca.tar.bz2
hostapd: Add configuration option check_crl_strict
Add the ability to ignore time-based CRL errors from OpenSSL by specifying a new configuration parameter, check_crl_strict=0. This causes the following: - This setting does nothing when CRL checking is not enabled. - When CRL is enabled, "strict mode" will cause CRL time errors to not be ignored and will continue behaving as it currently does. - When CRL is enabled, disabling strict mode will cause CRL time errors to be ignored and will allow connections. By default, check_crl_strict is set to 1, or strict mode, to keep current functionality. Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Diffstat (limited to 'eap_example/eap_example_server.c')
-rw-r--r--eap_example/eap_example_server.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/eap_example/eap_example_server.c b/eap_example/eap_example_server.c
index 0524096..145bb9f 100644
--- a/eap_example/eap_example_server.c
+++ b/eap_example/eap_example_server.c
@@ -88,7 +88,7 @@ static int eap_example_server_init_tls(void)
return -1;
}
- if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
+ if (tls_global_set_verify(eap_ctx.tls_ctx, 0, 1)) {
printf("Failed to set check_crl\n");
return -1;
}