Find CRL Signer By AuthKeyId

1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name.  If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
John Safranek
2019-12-17 15:31:29 -08:00
parent 06e5e81b1b
commit 037c319bab
4 changed files with 149 additions and 32 deletions

@@ -706,12 +706,6 @@
#endif
#endif
#ifdef HAVE_CRL
/* not widely supported yet */
#undef NO_SKID
#define NO_SKID
#endif
#ifdef __INTEL_COMPILER
#pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
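
Review bot: Missing documentation for a default change at the `#ifdef HAVE_CRL` block that sits between the closing `#endif` lines and `#ifdef __INTEL_COMPILER`. The hunk header shrinks this region from 12 lines to 6, and the commit message says the NO_SKID option is being updated for CRL, so the block that forced `#define NO_SKID` whenever HAVE_CRL is set (commented "not widely supported yet") appears to be what is dropped. After this, a HAVE_CRL build that does not define NO_SKID itself will look up the CRL signer by AuthKeyId first and only then by name, as described in item 2 of the commit message. Please say so in a comment here or in the release notes, so that anyone who depended on the implicit NO_SKID knows to define it explicitly, and confirm there is a test for a CRL that carries no Auth Key ID extension, so that the name fallback is exercised in the new default configuration.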