add crl monitor flag, handle no revoked case
parent
5bc728b882
commit
26153ffad6
|
@ -4660,8 +4660,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, long sz)
|
|||
if (GetBasicDate(buff, &idx, dcrl->nextDate, sz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
|
||||
if (idx != dcrl->sigIndex) {
|
||||
if (idx != dcrl->sigIndex && buff[idx] != CRL_EXTENSIONS) {
|
||||
if (GetSequence(buff, &idx, &len, sz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
|
|
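Review bot: The new condition `if (idx != dcrl->sigIndex && buff[idx] != CRL_EXTENSIONS)` reads `buff[idx]` without bounding idx against sz; GetBasicDate has just advanced idx, and unless an earlier check guarantees idx < sz at this point (the hunk does not show one), a truncated or malformed CRL can put idx at or past sz before it equals sigIndex, so the read lands outside the buffer. The old code reached GetSequence first, which rejects that case with ASN_PARSE_E, so this is a newly unchecked read on attacker-supplied CRL bytes. Add the bound before the byte read so the existing GetSequence path reports the error, e.g. `if (idx != dcrl->sigIndex && (idx >= sz || buff[idx] != CRL_EXTENSIONS)) {` (mind the signed/unsigned comparison if idx is word32 and sz is long). ParseCRL's body and the handling of the extensions tag continue outside the hunk.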
|
@ -35,7 +35,7 @@ typedef struct CYASSL_CRL CYASSL_CRL;
|
|||
CYASSL_LOCAL int InitCRL(CYASSL_CRL*, CYASSL_CERT_MANAGER*);
|
||||
CYASSL_LOCAL void FreeCRL(CYASSL_CRL*);
|
||||
|
||||
CYASSL_LOCAL int LoadCRL(CYASSL_CRL* crl, const char* path, int type);
|
||||
CYASSL_LOCAL int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int mon);
|
||||
CYASSL_LOCAL int BufferLoadCRL(CYASSL_CRL*, const byte*, long, int);
|
||||
CYASSL_LOCAL int CheckCertCRL(CYASSL_CRL*, DecodedCert*);
|
||||
|
||||
|
|
|
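Review bot: The new LoadCRL prototype names the added parameter `mon` while the definition in crl.c calls it `monitor`; mismatched names between prototype and definition are legal but mislead readers of the header, and nothing in the header says what the flag means. Use the definition's name and a short comment: `CYASSL_LOCAL int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor); /* monitor: non-zero asks for path monitoring */`.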
@ -62,6 +62,7 @@ enum ASN_Tags {
|
|||
ASN_SET = 0x11,
|
||||
ASN_UTC_TIME = 0x17,
|
||||
ASN_GENERALIZED_TIME = 0x18,
|
||||
CRL_EXTENSIONS = 0xa0,
|
||||
ASN_EXTENSIONS = 0xa3,
|
||||
ASN_LONG_LENGTH = 0x80
|
||||
};
|
||||
|
|
|
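Review bot: `CRL_EXTENSIONS` is the only member of `enum ASN_Tags` without the `ASN_` prefix, and the value 0xa0 carries no explanation while its neighbour 0xa3 is at least named after what it tags. Naming it `ASN_CRL_EXTENSIONS` keeps the enum's convention (the single use in ParseCRL changes with it), and a comment tells the next reader why a context-specific constructed tag sits here: `ASN_CRL_EXTENSIONS = 0xa0, /* [0] constructed: crlExtensions in TBSCertList */`.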
@ -791,17 +791,18 @@ CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
|||
int format);
|
||||
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
|
||||
CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*,int);
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, int,
|
||||
int);
|
||||
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
|
||||
|
||||
CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
|
||||
CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int);
|
||||
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
|
||||
|
||||
CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
|
||||
CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
|
||||
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int);
|
||||
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
|
||||
|
||||
|
||||
|
|
|
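Review bot: The signature change to CyaSSL_CertManagerLoadCRL, CyaSSL_LoadCRL and CyaSSL_CTX_LoadCRL adds a fourth `int` to exported functions without any comment saying what the value means or which values are valid, so existing callers break at compile time and new callers must read crl.c to learn it is a monitor request. These prototypes use unnamed parameters, so the meaning can only come from a comment; something like `/* last arg: monitor, non-zero requests monitoring of path (see LoadCRL), 0 loads once */` above the three declarations would do, and the same change belongs wherever the public API is documented.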
@ -209,7 +209,7 @@ void client_test(void* args)
|
|||
CyaSSL_set_fd(ssl, sockfd);
|
||||
#ifdef HAVE_CRL
|
||||
CyaSSL_EnableCRL(ssl, 0);
|
||||
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM);
|
||||
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);
|
||||
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
|
||||
#endif
|
||||
if (argc != 3)
|
||||
|
|
|
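Review bot: The updated `CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);` call still discards the return value, so a CRL that fails to load leaves the test client running with CRL checking enabled but no revocation data, and the failure only surfaces, if at all, through the missing-CRL callback. Treating it like the other setup failures in client_test keeps the test honest: `if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl, check crlfile and date validity");`. client_test's body starts and ends outside the hunk.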
@ -250,7 +250,7 @@ int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type)
|
|||
|
||||
|
||||
/* Load CRL path files of type, SSL_SUCCESS on ok */
|
||||
int LoadCRL(CYASSL_CRL* crl, const char* path, int type)
|
||||
int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
|
||||
{
|
||||
struct dirent* entry;
|
||||
DIR* dir;
|
||||
|
@ -293,6 +293,10 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type)
|
|||
}
|
||||
}
|
||||
|
||||
if (monitor) {
|
||||
CYASSL_MSG("monitor path requested");
|
||||
}
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
|
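Review bot: LoadCRL accepts the new `monitor` argument but its only effect is the `CYASSL_MSG("monitor path requested");` log line, after which the function returns SSL_SUCCESS regardless; a caller that asks for monitoring gets a success code and no monitoring, which is a silent fail-open for anyone relying on the CRL staying current. Until the watching exists, either return a distinct error for `monitor != 0` (NOT_COMPILED_IN, if that code fits the project's convention) or state the limitation where callers will see it. The function comment above the definition also needs the new parameter, e.g. `/* Load CRL path files of type, SSL_SUCCESS on ok; monitor != 0 requests watching path for changes (not yet implemented, only logged) */`. The directory loop between the two hunks is outside the view.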
16
src/ssl.c
16
src/ssl.c
|
@ -1332,6 +1332,10 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
|
|||
|
||||
if (ret == 0)
|
||||
ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
|
||||
#ifdef HAVE_CRL
|
||||
if (ret == 0 && cm->crlEnabled)
|
||||
ret = CheckCertCRL(cm->crl, &cert);
|
||||
#endif
|
||||
}
|
||||
|
||||
FreeDecodedCert(&cert);
|
||||
|
@ -1441,7 +1445,7 @@ int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
|
|||
|
||||
|
||||
int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
|
||||
int type)
|
||||
int type, int monitor)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
|
||||
if (cm == NULL)
|
||||
|
@ -1454,7 +1458,7 @@ int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
|
|||
}
|
||||
}
|
||||
|
||||
return LoadCRL(cm->crl, path, type);
|
||||
return LoadCRL(cm->crl, path, type, monitor);
|
||||
}
|
||||
|
||||
|
||||
|
@ -1478,11 +1482,11 @@ int CyaSSL_DisableCRL(CYASSL* ssl)
|
|||
}
|
||||
|
||||
|
||||
int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type)
|
||||
int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_LoadCRL");
|
||||
if (ssl)
|
||||
return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type);
|
||||
return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
@ -1518,11 +1522,11 @@ int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx)
|
|||
}
|
||||
|
||||
|
||||
int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type)
|
||||
int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_CTX_LoadCRL");
|
||||
if (ctx)
|
||||
return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type);
|
||||
return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
|
||||
else
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
|
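Review bot: In CyaSSL_CertManagerVerify the new `if (ret == 0 && cm->crlEnabled) ret = CheckCertCRL(cm->crl, &cert);` trusts that `cm->crl` is non-NULL whenever `crlEnabled` is set; if the enable path allocates crl before setting the flag this holds, but nothing in this hunk or the other ssl.c hunks shows it, and a NULL here would crash inside the verify path rather than fail the verification. If the invariant is not guaranteed, fail closed instead of skipping the check: `ret = (cm->crl != NULL) ? CheckCertCRL(cm->crl, &cert) : BAD_FUNC_ARG;`. The remaining hunks in this file only thread `monitor` through to LoadCRL. CyaSSL_CertManagerVerify's body starts before the hunk.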