Cherry-pick "S2S-SSL/GnuTLS: Enable CRL verification"

debian/patches/0001-S2S-SSL-GnuTLS-Enable-CRL-verification_26.1.patch

@@ -0,0 +1,21 @@
+From edb8fce8719efb0d887c72495e540d60a3bf4ed7 Mon Sep 17 00:00:00 2001
+From: Christoph Biedl <ngircd.anoy@manchmal.in-ulm.de>
+Date: Sun, 31 Mar 2024 00:36:53 +0100
+Subject: [PATCH] S2S-SSL/GnuTLS: Enable CRL verification
+
+(cherry picked from commit b2c9049af20b12f2fde08f4af0a35968404effdb)
+---
+ src/ngircd/conn-ssl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/src/ngircd/conn-ssl.c
++++ b/src/ngircd/conn-ssl.c
+@@ -486,6 +486,8 @@
+ 		return false;
+ 
+ 	gnutls_certificate_set_dh_params(x509_cred, dh_params);
++	gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_VERIFY_CRLS);
++
+ 	err = gnutls_certificate_set_x509_key_file(x509_cred, cert_file, Conf_SSLOptions.KeyFile, GNUTLS_X509_FMT_PEM);
+ 	if (err < 0) {
+ 		Log(LOG_ERR,

debian/patches/series

@@ -18,5 +18,6 @@
 0018-S2S-TLS-Add-notice-to-INSTALL.patch
 0019-S2S-TLS-Fix-make-check-in-separate-build-directory.patch
 0020-METADATA-Fix-unsetting-cloakhost.patch
+0001-S2S-SSL-GnuTLS-Enable-CRL-verification_26.1.patch
 
 fix-typos.patch