From e87e0c53ff9be99250d07fb9147b362afee9aea7 Mon Sep 17 00:00:00 2001 From: Lucas Holt Date: Wed, 30 Oct 2024 12:49:42 -0400 Subject: [PATCH] Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option. Obtained from: FreeBSD-SA-24:19.fetch --- usr.bin/fetch/fetch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr.bin/fetch/fetch.c b/usr.bin/fetch/fetch.c index 2667119964d..25fbef7a22f 100644 --- a/usr.bin/fetch/fetch.c +++ b/usr.bin/fetch/fetch.c @@ -1060,7 +1060,7 @@ main(int argc, char *argv[]) setenv("SSL_CLIENT_KEY_FILE", optarg, 1); break; case OPTION_SSL_CRL_FILE: - setenv("SSL_CLIENT_CRL_FILE", optarg, 1); + setenv("SSL_CRL_FILE", optarg, 1); break; case OPTION_SSL_NO_SSL3: setenv("SSL_NO_SSL3", "", 1);