Index: src/interfaces/libpq/fe-secure.c
===================================================================
RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v
retrieving revision 1.79
diff -c -c -r1.79 fe-secure.c
*** src/interfaces/libpq/fe-secure.c	27 Apr 2006 14:02:36 -0000	1.79
--- src/interfaces/libpq/fe-secure.c	27 Apr 2006 14:08:18 -0000
***************
*** 125,135 ****
--- 125,137 ----
  #define USER_CERT_FILE ".postgresql/postgresql.crt"
  #define USER_KEY_FILE ".postgresql/postgresql.key"
  #define ROOT_CERT_FILE ".postgresql/root.crt"
+ #define ROOT_CRL_FILE ".postgresql/root.crl"
  #else
  /* On Windows, the "home" directory is already PostgreSQL-specific */
  #define USER_CERT_FILE "postgresql.crt"
  #define USER_KEY_FILE "postgresql.key"
  #define ROOT_CERT_FILE "root.crt"
+ #define ROOT_CRL_FILE "root.crl"
  #endif
  
  #ifdef NOT_USED
***************
*** 784,789 ****
--- 786,793 ----
  	snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CERT_FILE);
  	if (stat(fnbuf, &buf) == 0)
  	{
+ 		X509_STORE *cvstore;
+ 
  		if (!SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL))
  		{
  			char *err = SSLerrmessage();
***************
*** 795,800 ****
--- 799,813 ----
  			return -1;
  		}
  
+ 		if ((cvstore = SSL_CTX_get_cert_store(SSL_context)) != NULL)
+ 		{
+ 			if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) != 0)
+ 				/* setting the flags to check against the complete CRL chain */
+ 				X509_STORE_set_flags(cvstore,
+ 					X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+ 			/* if not found, silently ignore; we do not require CRL */
+ 		}
+ 
  		SSL_CTX_set_verify(SSL_context, SSL_VERIFY_PEER, verify_cb);
  	}
  }
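Review bot: The CRL is loaded from the bare relative path `ROOT_CRL_FILE`, while the root certificate a few lines earlier is looked up as homedir plus `ROOT_CERT_FILE` through fnbuf, so X509_STORE_load_locations resolves ".postgresql/root.crl" against the process's current working directory rather than the user's home and in normal deployments the CRL is never found, leaving revocation checking silently off. Build the path the same way the certificate path is built, `snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CRL_FILE);` followed by `if (X509_STORE_load_locations(cvstore, fnbuf, NULL) != 0)` (fnbuf is free to reuse at this point, the root certificate has already been loaded from it). A failed load presumably leaves entries on OpenSSL's error queue, so the "silently ignore" branch should also call `ERR_clear_error();` so that a later SSLerrmessage() does not report the missing CRL as the cause of an unrelated failure. The inner `if` has its body separated from it by a comment line; bracing it would make the intent unambiguous. The enclosing function begins and ends outside this hunk.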