crl-verify can be specified multiple times in the config file and the
expected behaviour is that the last occurrence should be used.

Therefore, reset the optional flags every time a new crl-verify
option is found.

Signed-off-by: Antonio Quartulli <a...@unstable.cc>
---
 src/openvpn/options.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 281ef0b..5192198 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -6966,6 +6966,14 @@ add_option (struct options *options,
                  || (p[2] && streq (p[1], INLINE_FILE_TAG) ) || !p[2]) && 
!p[3])
     {
       VERIFY_PERMISSION (OPT_P_GENERAL);
+      /*
+       * If crl-verify appears more than once in the config file, we have to
+       * to keep settings belonging to the last occurrence only.
+       * Reset optional settings each time.
+       */
+      options->ssl_flags &= ~SSLF_CRL_VERIFY_DIR;
+      options->crl_file_inline = NULL;
+
       if (p[2] && streq(p[2], "dir"))
        options->ssl_flags |= SSLF_CRL_VERIFY_DIR;
       options->crl_file = p[1];
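
Review bot: In the added comment, "to" is duplicated across the line break ("we have to" / "to keep settings"); drop one. On the logic, the reset sits after VERIFY_PERMISSION and before `options->crl_file = p[1]`, which is the right place for clearing the dir flag, but the code that assigns `options->crl_file_inline` for the INLINE_FILE_TAG case is outside the visible context, so please confirm it runs after this `= NULL` and not before it. As a style point, the clear-then-set of SSLF_CRL_VERIFY_DIR could be a single if/else on `p[2] && streq(p[2], "dir")`, which keeps the flag handling in one place.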
-- 
2.10.1


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
