add crl missing url callback

2012-05-16 17:35:51 -07:00 · 2012-05-16 17:35:51 -07:00 · 08d9e57bf6
commit 08d9e57bf6
parent c4ea674fc8
6 changed files with 51 additions and 5 deletions
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@ -382,11 +382,11 @@ CYASSL_LOCAL int  EncodeOcspRequest(DecodedCert*, byte*, word32);
 #endif /* HAVE_OCSP */


-#ifdef HAVE_CRL
-
-
+/* for pointer use */
 typedef struct RevokedCert RevokedCert;

+#ifdef HAVE_CRL
+
 struct RevokedCert {
    byte         serialNumber[EXTERNAL_SERIAL_SIZE];
    int          serialSz;
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@ -798,10 +798,12 @@ CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
 CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
 CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
 CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int);
+CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);

 CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
 CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
 CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int);
+CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);



--- a/cyassl/test.h
+++ b/cyassl/test.h
@ -575,6 +575,16 @@ static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
 #endif /* VERIFY_CALLBACK */


+#ifdef HAVE_CRL
+
+static void CRL_CallBack(char* url)
+{
+    printf("CRL callback url = %s\n", url);
+}
+
+#endif
+
+
 static INLINE void CaCb(unsigned char* der, int sz, int type)
 {
    printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
--- a/examples/client/client.c
+++ b/examples/client/client.c
@ -210,6 +210,7 @@ void client_test(void* args)
 #ifdef HAVE_CRL
    CyaSSL_EnableCRL(ssl, 0);
    CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM);
+    CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
 #endif
    if (argc != 3)
        CyaSSL_check_domain_name(ssl, "www.yassl.com");
--- a/src/crl.c
+++ b/src/crl.c
@ -144,8 +144,19 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
 	if (foundEntry == 0) {
 		CYASSL_MSG("Couldn't find CRL for status check");
 		ret = CRL_MISSING;
-		if (crl->cm->cbMissingCRL)
-			crl->cm->cbMissingCRL(NULL);
+		if (crl->cm->cbMissingCRL) {
+			char url[256];
+
+			CYASSL_MSG("Issuing missing CRL callback");
+			url[0] = '\0';
+			if (cert->extCrlInfoSz < sizeof(url) -1 ) {
+				XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
+				url[cert->extCrlInfoSz] = '\0';
+			}
+			else 
+				CYASSL_MSG("CRL url too long");
+			crl->cm->cbMissingCRL(url);
+		}
 	}


--- a/src/ssl.c
+++ b/src/ssl.c
@ -1186,8 +1186,10 @@ int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
    else {
        if (type == CA_TYPE && format == SSL_FILETYPE_PEM) 
            ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
+#ifdef HAVE_CRL
        else if (type == CRL_TYPE)
            ret = BufferLoadCRL(crl, myBuffer, sz, format);
+#endif
        else
            ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
                                userChain);
@ -1479,6 +1481,16 @@ int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type)
 }


+int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb)
+{
+    CYASSL_ENTER("CyaSSL_SetCRL_Cb");
+    if (ssl)
+        return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
+    else
+        return BAD_FUNC_ARG;
+}
+
+
 int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options)
 {
    CYASSL_ENTER("CyaSSL_CTX_EnableCRL");
@ -1509,6 +1521,16 @@ int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type)
 }


+int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb)
+{
+    CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb");
+    if (ctx)
+        return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
+    else
+        return BAD_FUNC_ARG;
+}
+
+
 #endif /* HAVE_CRL */