From 1e2a6412d744972c8edc61a36cf65b8e716c17be Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 11 Apr 2017 14:30:35 +1000 Subject: [PATCH] Find the CRL entry again after lock --- src/crl.c | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/src/crl.c b/src/crl.c index d9a2ed06c..b9c44089a 100755 --- a/src/crl.c +++ b/src/crl.c @@ -255,17 +255,28 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr return BAD_MUTEX_E; } - if (ret == 0) - crle->verified = 1; - else { - crle->verified = ret; - break; - } + crle = crl->crlList; + while (crle) { + if (XMEMCMP(crle->issuerHash, cert->issuerHash, + CRL_DIGEST_SIZE) == 0) { - XFREE(crle->toBeSigned, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); - crle->toBeSigned = NULL; - XFREE(crle->signature, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); - crle->signature = NULL; + if (ret == 0) + crle->verified = 1; + else + crle->verified = ret; + + XFREE(crle->toBeSigned, crl->heap, + DYNAMIC_TYPE_CRL_ENTRY); + crle->toBeSigned = NULL; + XFREE(crle->signature, crl->heap, + DYNAMIC_TYPE_CRL_ENTRY); + crle->signature = NULL; + break; + } + crle = crle->next; + } + if (crle == NULL || crle->verified < 0) + break; } else if (crle->verified < 0) { WOLFSSL_MSG("Cannot use CRL as it didn't verify");