diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index a5fb8b34b..e1c68bce4 100644
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -382,11 +382,11 @@ CYASSL_LOCAL int EncodeOcspRequest(DecodedCert*, byte*, word32);
 #endif /* HAVE_OCSP */
-#ifdef HAVE_CRL
-
-
+/* for pointer use */
 typedef struct RevokedCert RevokedCert;
+#ifdef HAVE_CRL
+
 struct RevokedCert {
 byte serialNumber[EXTERNAL_SERIAL_SIZE];
 int serialSz;
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 3e9f6b270..b14c029f9 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -798,10 +798,12 @@ CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
 CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
 CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
 CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int);
+CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
 CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
 CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
 CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int);
+CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
diff --git a/cyassl/test.h b/cyassl/test.h
index fcc3b63cd..d68ad64b7 100644
--- a/cyassl/test.h
+++ b/cyassl/test.h
@@ -575,6 +575,16 @@ static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
 #endif /* VERIFY_CALLBACK */
+#ifdef HAVE_CRL
+
+static void CRL_CallBack(char* url)
+{
+ printf("CRL callback url = %s\n", url);
+}
+
+#endif
+
+
 static INLINE void CaCb(unsigned char* der, int sz, int type)
 {
 printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
diff --git a/examples/client/client.c b/examples/client/client.c
index 42317a2e0..d09ec8cd3 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
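Review bot: The new `/* for pointer use */` comment above `typedef struct RevokedCert RevokedCert;` does not say why the typedef now lives outside `#ifdef HAVE_CRL`, so a later cleanup could move it back inside the guard and break whoever declares `RevokedCert*` without CRL support. Suggest `/* forward declaration kept outside HAVE_CRL so RevokedCert* can be declared in builds without CRL support; only the definition below is guarded */`. The motivation is inferred from the move itself, so confirm it against the headers that use the pointer type.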
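Review bot: The two new public prototypes `CyaSSL_SetCRL_Cb` and `CyaSSL_CTX_SetCRL_Cb` carry no comment, and this header is where a caller learns the callback's contract. Suggest above `CyaSSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);`: `/* Install the missing-CRL callback. The SSL variant stores it on the CTX's cert manager (see src/ssl.c), so it applies to every session sharing that CTX; returns BAD_FUNC_ARG on a NULL object. */`, with a matching one-liner on the CTX variant. The neighbouring CRL prototypes are also uncommented, so if that is the file's convention the same text belongs in the API manual instead.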
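Review bot: `static void CRL_CallBack(char* url)` is plain `static` while the sibling `CaCb` just below is `static INLINE`; because test.h is a shared example header, any translation unit that includes it without referencing CRL_CallBack will get an unused-function warning under -Wall. Changing the signature to `static INLINE void CRL_CallBack(char* url)` matches the sibling and avoids that. The `url` argument is peer-certificate data (src/crl.c in this commit copies it from the CRL distribution point, or passes "" when absent or too long), and printing it with `%s` is format-safe; a short comment on the function saying the string may be empty would help readers of the example.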
@@ -210,6 +210,7 @@ void client_test(void* args)
 #ifdef HAVE_CRL
 CyaSSL_EnableCRL(ssl, 0);
 CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM);
+ CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
 #endif
 if (argc != 3)
 CyaSSL_check_domain_name(ssl, "www.yassl.com");
diff --git a/src/crl.c b/src/crl.c
index 4c8200911..18a139069 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -144,8 +144,19 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
 if (foundEntry == 0) {
 CYASSL_MSG("Couldn't find CRL for status check");
 ret = CRL_MISSING;
- if (crl->cm->cbMissingCRL)
- crl->cm->cbMissingCRL(NULL);
+ if (crl->cm->cbMissingCRL) {
+ char url[256];
+
+ CYASSL_MSG("Issuing missing CRL callback");
+ url[0] = '\0';
+ if (cert->extCrlInfoSz < sizeof(url) -1 ) {
+ XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
+ url[cert->extCrlInfoSz] = '\0';
+ }
+ else
+ CYASSL_MSG("CRL url too long");
+ crl->cm->cbMissingCRL(url);
+ }
 }
diff --git a/src/ssl.c b/src/ssl.c
index 01b48adbc..c9ac60cd9 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1186,8 +1186,10 @@ int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
 else {
 if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
 ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
+#ifdef HAVE_CRL
 else if (type == CRL_TYPE)
 ret = BufferLoadCRL(crl, myBuffer, sz, format);
+#endif
 else
 ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL, userChain);
@@ -1479,6 +1481,16 @@ int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type)
 }
+int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb)
+{
+ CYASSL_ENTER("CyaSSL_SetCRL_Cb");
+ if (ssl)
+ return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
+ else
+ return BAD_FUNC_ARG;
+}
+
+
 int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options)
 {
 CYASSL_ENTER("CyaSSL_CTX_EnableCRL");
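Review bot: `url` is filled from `cert->extCrlInfo`, i.e. from the certificate the peer presented, so the callback receives attacker-influenced bytes on a stack buffer, and nothing in the hunk documents that contract. The copy is bounded and NUL-terminated, which is good; add above `if (crl->cm->cbMissingCRL) {`: `/* url: the cert's CRL distribution point, peer-supplied and untrusted; at most sizeof(url)-1 bytes, "" when absent or too long. Stack-allocated, so the callback must copy it, and should validate scheme/host before fetching. */`. The bound `cert->extCrlInfoSz < sizeof(url) -1` also rejects a 255-byte URL that would fit with its terminator; `cert->extCrlInfoSz < sizeof(url)` keeps the `url[cert->extCrlInfoSz] = '\0'` write in bounds and accepts it. If `extCrlInfoSz` is a signed `int` (its declaration is not in the hunk), a negative value promotes to a huge `size_t` and lands in the else branch, which is safe but worth a one-line comment; CheckCertCRL's body continues outside the hunk.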
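Review bot: With `HAVE_CRL` undefined, a `CRL_TYPE` request now falls through to the final `else` and is handed to `ProcessBuffer` as if it were a certificate or key, whereas the guard presumably exists because `BufferLoadCRL` is not compiled in that configuration. Unless ProcessBuffer rejects CRL_TYPE (its body is outside the hunk), the caller gets a misleading result; an explicit arm makes the failure visible: `#else` / `else if (type == CRL_TYPE)` / `ret = NOT_COMPILED_IN;` between the `#ifdef` and `#endif`. The `crl` parameter also becomes unused in that build, which -Wunused-parameter will flag; ProcessFile's signature is outside the hunk.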
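Review bot: `CyaSSL_SetCRL_Cb` installs the callback on `ssl->ctx->cm`, the cert manager owned by the CTX, so a call on one session changes the behaviour of every CYASSL object created from the same CYASSL_CTX and the last caller wins; the per-session name does not suggest that. Suggest a comment on the function: `/* NOTE: stored on the CTX's cert manager, so this affects all sessions sharing ssl->ctx, not just ssl; last call wins. */`. `ssl->ctx` is also dereferenced with only `ssl` checked; if the existing CyaSSL_EnableCRL/CyaSSL_LoadCRL (outside the hunk) do the same this is consistent, otherwise `if (ssl && ssl->ctx)` closes the gap.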
@@ -1509,6 +1521,16 @@ int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type)
 }
+int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb)
+{
+ CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb");
+ if (ctx)
+ return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
+ else
+ return BAD_FUNC_ARG;
+}
+
+
 #endif /* HAVE_CRL */
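Review bot: `CyaSSL_CTX_SetCRL_Cb` is the public entry point for the new callback and has no header comment describing what the callback is handed or how to remove it. Suggest above `int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb)`: `/* Register cb to be called when no CRL is found for a cert; cb receives the cert's CRL distribution point URL as a NUL-terminated string ("" when absent or too long) that is only valid for the duration of the call. Returns BAD_FUNC_ARG on NULL ctx. */`. Since CheckCertCRL in src/crl.c only invokes `cbMissingCRL` when it is non-NULL, passing `cb == NULL` appears to clear the callback; if that is intended, state it in the same comment. `ctx->cm` is dereferenced without a check, which is acceptable only if every CTX always owns a cert manager; the sibling CTX functions are outside the hunk.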