Index: src/backend/libpq/be-secure.c =================================================================== RCS file: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v retrieving revision 1.67 diff -c -c -r1.67 be-secure.c *** src/backend/libpq/be-secure.c 4 May 2006 22:18:38 -0000 1.67 --- src/backend/libpq/be-secure.c 5 May 2006 18:26:37 -0000 *************** *** 795,801 **** } else { - #ifdef X509_V_FLAG_CRL_CHECK /* * Check the Certificate Revocation List (CRL) if file exists. * http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160,00.html --- 795,800 ---- *************** *** 804,813 **** if (cvstore) { if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) != 0) ! /* setting the flags to check against the complete CRL chain */ ! X509_STORE_set_flags(cvstore, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); else { /* Not fatal - we do not require CRL */ --- 803,820 ---- if (cvstore) { + /* Set the flags to check against the complete CRL chain */ if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) != 0) ! /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */ ! #ifdef X509_V_FLAG_CRL_CHECK ! X509_STORE_set_flags(cvstore, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); + #else + ereport(LOG, + (errmsg("SSL Certificate Revocation List (CRL) file \"%s\" ignored", + ROOT_CRL_FILE), + errdetail("Installed SSL library does not support CRL."))); + #endif else { /* Not fatal - we do not require CRL */ *************** *** 817,823 **** errdetail("Will not check certificates against CRL."))); } } - #endif /* X509_V_FLAG_CRL_CHECK */ SSL_CTX_set_verify(SSL_context, (SSL_VERIFY_PEER | --- 824,829 ----