context.c: Add crl_check and crl_check_chain verify options

Sun, 12 Dec 2010 22:21:36 +0000

author
Matthew Wild <mwild1@gmail.com>
date
Sun, 12 Dec 2010 22:21:36 +0000
changeset 36
96f23601ce7a
parent 35
4994321eae31
child 37
8904bda2369f

context.c: Add crl_check and crl_check_chain verify options

--- a/src/context.c	Sun Nov 28 18:03:49 2010 +0000
+++ b/src/context.c	Sun Dec 12 22:21:36 2010 +0000
@@ -423,7 +423,7 @@
 static int set_verify(lua_State *L)
 {
   int i;
-  int flag = 0;
+  int flag = 0, vflag = 0;
   int ignore_errors = 0;
   p_context ctx = checkctx(L, 1);
   int max = lua_gettop(L);
@@ -437,6 +437,10 @@
         ignore_errors = 1;
       } else if (!strcmp(s, "ignore_purpose")) {
         ctx->verify_flags |= LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE;
+      } else if (!strcmp(s, "crl_check")) {
+        vflag |= X509_V_FLAG_CRL_CHECK;
+      } else if (!strcmp(s, "crl_check_chain")) {
+        vflag |= X509_V_FLAG_CRL_CHECK_ALL;
       } else if (!set_verify_flag(s, &flag)) {
         lua_pushboolean(L, 0);
         lua_pushstring(L, "invalid verify option");
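Review bot: The `crl_check_chain` branch sets only `X509_V_FLAG_CRL_CHECK_ALL`, and OpenSSL consults that flag only when `X509_V_FLAG_CRL_CHECK` is also set. A caller who passes just "crl_check_chain" therefore gets no revocation checking at all, and no error tells them so. The branch should set both bits, `vflag |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;`, or the option's documentation must say it has to be combined with "crl_check". The option loop in set_verify starts and ends outside this hunk.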
@@ -444,6 +448,11 @@
       }
     }
     SSL_CTX_set_verify(ctx->context, flag, ctx->verify_flags ? verify_cb : NULL);
+    if(vflag)
+    {
+      X509_STORE *store = SSL_CTX_get_cert_store(ctx->context);
+      X509_STORE_set_flags(store, vflag);
+    }
   }
   lua_pushboolean(L, 1);
   return 1;
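Review bot: `X509_STORE_set_flags(store, vflag)` only ORs bits into the store, and its return value is dropped. A later set_verify call without the CRL options leaves revocation checking enabled, even though `SSL_CTX_set_verify` two lines earlier replaces the mode, and a failed call is still reported to Lua as success. Check the result and fail in the style of the invalid-option path, e.g. `if (!X509_STORE_set_flags(store, vflag)) { lua_pushboolean(L, 0); lua_pushstring(L, "error setting verify flags"); return 2; }`. A comment should also say that CRLs must be loaded into the store, since with these flags a missing CRL fails verification with `X509_V_ERR_UNABLE_TO_GET_CRL`. Whether the ignore_errors path through verify_cb would mask such a failure cannot be seen from this hunk and is worth confirming; set_verify's closing brace is also outside it.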
