Index: src/backend/libpq/be-secure.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v
retrieving revision 1.67
diff -c -c -r1.67 be-secure.c
*** src/backend/libpq/be-secure.c	4 May 2006 22:18:38 -0000	1.67
--- src/backend/libpq/be-secure.c	5 May 2006 18:26:37 -0000
***************
*** 795,801 ****
  	}
  	else
  	{
- #ifdef X509_V_FLAG_CRL_CHECK
  		/*
  		 *	Check the Certificate Revocation List (CRL) if file exists.
  		 *	http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160,00.html
--- 795,800 ----
***************
*** 804,813 ****
  
  		if (cvstore)
  		{
  			if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) != 0)
! 			   /* setting the flags to check against the complete CRL chain */
! 			   X509_STORE_set_flags(cvstore,
  							X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
  			else
  			{
  				/* Not fatal - we do not require CRL */
--- 803,820 ----
  
  		if (cvstore)
  		{
+ 		   /* Set the flags to check against the complete CRL chain */
  			if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) != 0)
! /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
! #ifdef X509_V_FLAG_CRL_CHECK
! 				X509_STORE_set_flags(cvstore,
  							X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+ #else
+ 				ereport(LOG,
+ 					(errmsg("SSL Certificate Revocation List (CRL) file \"%s\" ignored",
+ 							ROOT_CRL_FILE),
+ 					 errdetail("Installed SSL library does not support CRL.")));
+ #endif
  			else
  			{
  				/* Not fatal - we do not require CRL */
***************
*** 817,823 ****
  					 errdetail("Will not check certificates against CRL.")));
  			}
  		}
- #endif /* X509_V_FLAG_CRL_CHECK */
  
  		SSL_CTX_set_verify(SSL_context,
  						   (SSL_VERIFY_PEER |
--- 824,829 ----