Patrick Wildt([email protected]) on 2017.11.15 13:31:48 +0100: > Hi, > > when basic OCSP support was committed in 2014, a bit of code was > forgotten that resets the OCSP URL back to NULL on config reload. > Otherwise we end up not being able to disable OCSP with a config > change and reload. > > ok?
makes sense, ok benno@ > Patrick > > diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y > index 419a5996f36..9b2ab654470 100644 > --- a/sbin/iked/parse.y > +++ b/sbin/iked/parse.y > @@ -1494,7 +1494,10 @@ parse_config(const char *filename, struct iked *x_env) > if ((file = pushfile(filename, 1)) == NULL) > return (-1); > > + free(ocsp_url); > + > decouple = passive = 0; > + ocsp_url = NULL; > > if (env->sc_opts & IKED_OPT_PASSIVE) > passive = 1; >
