D47433.id146092.diff

diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -1083,6 +1083,13 @@
ca_cert_path);
else
SSL_CTX_set_default_verify_paths(ctx);
+ if (getenv("SSL_CRL_VERIFY") != NULL) {
+ if (verbose)
+ fetch_info("CRL verification enabled");
+ X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(ctx),
+ X509_V_FLAG_CRL_CHECK |
+ X509_V_FLAG_CRL_CHECK_ALL);
+ }
if ((crl_file = getenv("SSL_CRL_FILE")) != NULL) {
if (verbose)
fetch_info("Using CRL file: %s", crl_file);
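Review bot: The added test `getenv("SSL_CRL_VERIFY") != NULL` checks only that the variable exists, so `SSL_CRL_VERIFY=0` or an empty value also turns CRL checking on. Either test the value or state in fetch.3 that any setting enables it. Separately, this block sets `X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL` but loads no CRL itself. With those flags OpenSSL requires a CRL for every certificate in the chain and fails verification ("unable to get certificate CRL") when one is missing from the store, so a user who sets the variable without CRLs in the trust store gets a failed handshake on every TLS fetch. The verbose message could say that CRLs are expected in the trust store, which would make that failure easier to diagnose.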
diff --git a/lib/libfetch/fetch.3 b/lib/libfetch/fetch.3
--- a/lib/libfetch/fetch.3
+++ b/lib/libfetch/fetch.3
@@ -24,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd October 7, 2023
+.Dd November 4, 2024
.Dt FETCH 3
.Os
.Sh NAME
@@ -420,6 +420,10 @@
A certificate revocation list (CRL) can be used by setting the
environment variable
.Ev SSL_CRL_FILE
+to the respective file containing the CRL,
+or by setting the environment variable
+.Ev SSL_CRL_VERIFY
+to look for the CRL in the configured trust store file or path
(see
.Xr crl 1 ) .
.Pp
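Review bot: The added text after `.Ev SSL_CRL_VERIFY` does not say what value the variable takes or what happens when no CRL is found. From the common.c change in this diff, any value (including an empty one) enables checking, and the check covers the whole chain, so the man page should state both points and that verification fails if a CRL is missing for any certificate. The sentence also reads ambiguously as "setting SSL_CRL_VERIFY to look for the CRL"; splitting it into two sentences, one per variable, would make it clear that SSL_CRL_FILE names a file while SSL_CRL_VERIFY is a switch.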
