Fixed return code check in CRL loading

The code for loading CRLs was incorrectly assuming that OpenSSL's
X509_LOOKUP_load_file function returns zero on success, but actually it
returns one on success. This commit fixes this return code check so
that a CRL can be loaded.

fixes #5040

Signed-off-by: Gunnar Beutner <gunnar.beutner@icinga.com>

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index 90d74447807f0c131476c474f899418c2ffa3de9..c9eedd23077adf58fb6550df1b30f37327d97184 100644 (file)
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -231,7 +231,7 @@ void AddCRLToSSLContext(const boost::shared_ptr<SSL_CTX>& context, const String&
                    << errinfo_openssl_error(ERR_peek_error()));
        }
 
-       if (X509_LOOKUP_load_file(lookup, crlPath.CStr(), X509_FILETYPE_PEM) != 0) {
+       if (X509_LOOKUP_load_file(lookup, crlPath.CStr(), X509_FILETYPE_PEM) != 1) {
                Log(LogCritical, "SSL")
                    << "Error loading crl file '" << crlPath << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
                BOOST_THROW_EXCEPTION(openssl_error()