From 118d36f384f984fe3341b71bba29b546013e7a38 Mon Sep 17 00:00:00 2001
From: Sebastian Marsching <sebastian-git-2016@marsching.com>
Date: Mon, 27 Feb 2017 19:26:34 +0100
Subject: [PATCH] Fixed return code check in CRL loading

The code for loading CRLs was incorrectly assuming that OpenSSL's
X509_LOOKUP_load_file function returns zero on success, but actually it
returns one on success. This commit fixes this return code check so
that a CRL can be loaded.

fixes #5040

Signed-off-by: Gunnar Beutner <gunnar.beutner@icinga.com>
---
 lib/base/tlsutility.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index 90d744478..c9eedd230 100644
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -231,7 +231,7 @@ void AddCRLToSSLContext(const boost::shared_ptr<SSL_CTX>& context, const String&
 		    << errinfo_openssl_error(ERR_peek_error()));
 	}
 
-	if (X509_LOOKUP_load_file(lookup, crlPath.CStr(), X509_FILETYPE_PEM) != 0) {
+	if (X509_LOOKUP_load_file(lookup, crlPath.CStr(), X509_FILETYPE_PEM) != 1) {
 		Log(LogCritical, "SSL")
 		    << "Error loading crl file '" << crlPath << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
 		BOOST_THROW_EXCEPTION(openssl_error()