-rw-r--r-- | rcynic/README | 2 | ||||
-rw-r--r-- | rcynic/rcynic.c | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/rcynic/README b/rcynic/README
index c44338a6..42de75ed 100644
--- a/rcynic/README
+++ b/rcynic/README
@@ -225,7 +225,7 @@ allow-stale-crl Allow use of CRLs which are past their nextUpdate timestamp. This is probably harmless, but since it may be an early warning of problems, it's configurable.
- Values: true or false. Default: false
+ Values: true or false. Default: true
 prune Clean up old files corresponding to URIs that rcynic did not see at all during this run.
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index c74be69d..c36771a7 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -1259,7 +1259,7 @@ static int check_cert_cb(int ok, X509_STORE_CTX *ctx)
 * said it intended to publish a new CRL. Unclear whether this
 * should be an error; current theory is that it should not be.
 */
- logmsg(rctx->rc, log_telemetry, "Stale CRL %s while checking %s",
+ logmsg(rctx->rc, log_data_err, "Stale CRL %s while checking %s",
 rctx->subj->crldp, rctx->subj->uri);
 mib_increment(rctx->rc, rctx->subj->uri, stale_crl);
 if (rctx->rc->allow_stale_crl)
@@ -1582,6 +1582,7 @@ int main(int argc, char *argv[])
 set_directory(&rc.old_authenticated, "rcynic-data/authenticated.old/");
 set_directory(&rc.unauthenticated, "rcynic-data/unauthenticated/");
 rc.log_level = log_telemetry;
+ rc.allow_stale_crl = 1;
 #define QQ(x,y) rc.priority[x] = y;
 LOG_LEVELS; |
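Review bot: The comment directly above the changed `logmsg` call still says the current theory is that a stale CRL should not be an error, yet the message is now logged at `log_data_err`, so the comment and the code disagree. The message is also emitted before the `if (rctx->rc->allow_stale_crl)` test, so the log line reads the same whether the CRL is then accepted or rejected; the branch body is outside this hunk, so the outcome may be reported there. I would extend the comment with something like `Logged as a data error so operators see it; whether validation continues is decided by allow_stale_crl below.` and, if no later message states the outcome, include it in the log text so a certificate validated against an out-of-date CRL can be found afterwards.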
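Review bot: `rc.allow_stale_crl = 1;` in `main` makes accepting CRLs past their nextUpdate the built-in default, with no comment at the assignment recording why the validator now fails open. A stale CRL cannot list revocations issued after it was produced, so a relying party that keeps receiving an old CRL, whether from a publication fault or a replayed copy, keeps treating a revoked certificate as valid. I would add a comment such as `/* Default on: stale CRLs are accepted but logged and counted as stale_crl; set allow-stale-crl to false to reject them. */`. It may also be worth considering a limit on how far past nextUpdate a CRL may be before it is rejected regardless of this setting. The body of `main` continues outside this hunk.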