From 8a3b3b03d226ccfb53639c3d9028924f77fe3761 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Thu, 3 Jul 2014 12:13:41 -0700
Subject: [PATCH] fix crl problem error out if verify peer disabled
---
 src/internal.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index cd976a1e9..a8b31df26 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4161,8 +4161,6 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
 if (anyError != 0 && ret == 0) ret = anyError;
- if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END)
- ssl->options.serverState = SERVER_CERT_COMPLETE;
 if (ret != 0) {
 if (!ssl->options.verifyNone) {
@@ -4238,6 +4236,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
 }
 #endif
+ if (ssl->options.verifyNone &&
+ (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
+ CYASSL_MSG("Ignoring CRL problem based on verify setting");
+ ret = ssl->error = 0;
+ }
+
+ if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END)
+ ssl->options.serverState = SERVER_CERT_COMPLETE;
+
 return ret;
 }
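Review bot: In the added `verifyNone` block of the second hunk, `CRL_CERT_REVOKED` is cleared together with `CRL_MISSING`, and the only trace left is a `CYASSL_MSG` log string, so a handshake with a peer whose certificate is known to be revoked finishes with `ret == 0` and `ssl->error == 0` and the caller cannot tell. If that is the intended meaning of verify-none, a comment above the `if` should say so, for example `/* peer verification is off: a missing CRL or a revoked cert must not fail the handshake */`, and the log text would be more useful for audit if it named which of the two codes was ignored. The override also runs after the `if (ret != 0)` handling that starts in the first hunk; the lines between the hunks are not shown, so it is worth confirming that nothing there (an alert, a verify callback's rejection) has already acted on the CRL error before `ret = ssl->error = 0;` discards it. DoCertificate begins outside both hunks.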