From 9ef5569c7c28d9108fe000639c5331da7a4ecca4 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 14 Sep 2015 18:46:20 +0200
Subject: [PATCH] Allow loading DER-encoded CRLs

---
 src/tlslib.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/tlslib.c b/src/tlslib.c
index 349071e9..da0bec07 100644
--- a/src/tlslib.c
+++ b/src/tlslib.c
@@ -766,15 +766,15 @@ struct stat st;
 			    gnutls_certificate_set_x509_crl_file(creds->xcred,
 								 s->config->crl,
 								 GNUTLS_X509_FMT_PEM);
+			if (ret == GNUTLS_E_BASE64_DECODING_ERROR)
+				ret =
+				    gnutls_certificate_set_x509_crl_file(creds->xcred,
+									 s->config->crl,
+									 GNUTLS_X509_FMT_DER);
 			if (ret < 0) {
 				/* ignore the CRL file when empty */
-				if (ret == GNUTLS_E_BASE64_DECODING_ERROR) {
-					mslog(s, NULL, LOG_ERR, "unreadable CRL file (%s)",
-						s->config->crl);
-				} else {
-					mslog(s, NULL, LOG_ERR, "error reading the CRL (%s) file: %s",
-						s->config->crl, gnutls_strerror(ret));
-				}
+				mslog(s, NULL, LOG_ERR, "error reading the CRL (%s) file: %s",
+					s->config->crl, gnutls_strerror(ret));
 				exit(1);
 			}
 			mslog(s, NULL, LOG_INFO, "loaded CRL: %s", s->config->crl);