Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OpenSSL: Fix --crl-verify not loading multiple CRLs in one file
Lack of this led people accepting multiple CAs to use capath, which already supports multiple CRLs. But capath mode itself is somewhat ugly: you have to create new file/symlink every time CRL is updated, and there's no good way to clean them up without restarting OpenVPN, since any gap in the sequence would cause it to lose sync (see trac 623). mbedtls crypto backend already loads multiple CRLs as is, so it doesn't need this fix. The patch also includes some logging changes which I think are useful. Trac: #623 Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20200407174436.238933-1-wgh@torlan.ru> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19710.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 05229fb)
- Loading branch information