开启证书CRL检查，忽略找不到CRL的证书校验错误。

2018-11-01 12:28:40 +08:00
parent 198818a2aa
commit b17b5fcd00
3 changed files with 32 additions and 14 deletions
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -132,6 +132,8 @@ struct ssl_mgr

 	uint8_t ssl_mode_release_buffers;
 	char trust_CA_file[TFE_PATH_MAX];
+	char crl_file[TFE_PATH_MAX];
+
 	struct ssl_trusted_cert_storage * trust_CA_store;
 	struct key_keeper * key_keeper;
 	struct event_base * ev_base_gc;
@@ -569,7 +571,11 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 		TFE_LOG_ERROR(logger, "Failed at creating X509_STORE");
 		goto error_out;
 	}
-
+	MESA_load_profile_string_def(ini_profile, section, "crl_file", mgr->crl_file, sizeof(mgr->crl_file), "");
+	if(strlen(mgr->crl_file)>0)
+	{
+		ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CRL, mgr->crl_file);
+	}

 	memcpy(mgr->ssl_session_context, "mesa-tfe", sizeof(mgr->ssl_session_context));