Hi,
when basic OCSP support was committed in 2014, a bit of code was
forgotten that resets the OCSP URL back to NULL on config reload.
Otherwise we end up not being able to disable OCSP with a config
change and reload.
ok?
Patrick
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 419a5996f36..9b2ab654470 100644
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1494,7 +1494,10 @@ parse_config(const char *filename, struct iked *x_env)
if ((file = pushfile(filename, 1)) == NULL)
return (-1);
+ free(ocsp_url);
+
decouple = passive = 0;
+ ocsp_url = NULL;
if (env->sc_opts & IKED_OPT_PASSIVE)
passive = 1;
