From 345c854cb8de688b2f2f4c2e89cc704203dafc7f Mon Sep 17 00:00:00 2001
From: Patrick McDermott <patrick.mcdermott@libiquity.com>
Date: Tue, 30 Jul 2019 18:09:50 -0400
Subject: s_client: Enable OCSP before CRL

Revocation methods are apparently used in the order in which they're
enabled.
---
(limited to 'src')

diff --git a/src/s_client.c b/src/s_client.c
index 79f8f25..2d1d28a 100644
--- a/src/s_client.c
+++ b/src/s_client.c
@@ -322,14 +322,14 @@ s_client(int argc, char **argv)
 
 	(void) servername;
 	if (
-#if defined(HAVE_CRL) && defined(HAVE_CRL_IO)
-			wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) !=
-				WOLFSSL_SUCCESS ||
-#endif
 #ifdef HAVE_OCSP
 			wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL) !=
 				WOLFSSL_SUCCESS ||
 #endif
+#if defined(HAVE_CRL) && defined(HAVE_CRL_IO)
+			wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) !=
+				WOLFSSL_SUCCESS ||
+#endif
 #ifdef HAVE_SNI
 			(servername != NULL && wolfSSL_CTX_UseSNI(ctx,
 				WOLFSSL_SNI_HOST_NAME, servername,
--
cgit v0.9.1