Enabled checks agains the CRL passed in parameter

thierryba · thierryba · commit 5d422c238b48 · 2025-11-27T15:32:50.000+01:00
diff --git a/src/opts.c b/src/opts.c
@@ -506,6 +506,13 @@ natsOptions_SetCATrustedCertificates(natsOptions *opts, const char *certs)
                                       "error adding CA CRL: %s",
                                       NATS_SSL_ERR_REASON_STRING);
                 }
+
+                if ((s == NATS_OK) && (X509_STORE_set_flags(cts, X509_V_FLAG_CRL_CHECK) != 1))
+                {
+                    s = nats_setError(NATS_SSL_ERROR,
+                                      "error enabling CA CRL: %s",
+                                      NATS_SSL_ERR_REASON_STRING);
+                }
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -506,6 +506,13 @@ natsOptions_SetCATrustedCertificates(natsOptions opts, const char certs)`
`506`	`506`	`"error adding CA CRL: %s",`
`507`	`507`	`NATS_SSL_ERR_REASON_STRING);`
`508`	`508`	`}`
	`509`	`+`
	`510`	`+ if ((s == NATS_OK) && (X509_STORE_set_flags(cts, X509_V_FLAG_CRL_CHECK) != 1))`
	`511`	`+ {`
	`512`	`+ s = nats_setError(NATS_SSL_ERROR,`
	`513`	`+ "error enabling CA CRL: %s",`
	`514`	`+ NATS_SSL_ERR_REASON_STRING);`
	`515`	`+ }`
`509`	`516`	`}`
`510`	`517`	`}`
`511`	`518`