From 2f9f746053be1154405defb64f96d0f752925185 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 16 Jun 2017 16:02:36 -0700
Subject: [PATCH] =?UTF-8?q?Fix=20for=20CRL=20serial=20number=20matching=20?= =?UTF-8?q?to=20also=20check=20length.=20Fix=20for=20testing=20the=20verif?= =?UTF-8?q?y=20callback=20override=20=E2=80=98-j=E2=80=99=20to=20not=20ena?= =?UTF-8?q?ble=20CRL=20since=20the=20CA=E2=80=99s=20are=20not=20loaded=20f?= =?UTF-8?q?or=20this=20test.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 examples/client/client.c | 2 +-
 src/crl.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index eab3d10ce..f9a19ef7f 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1729,7 +1729,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 }
 #ifdef HAVE_CRL
- if (disableCRL == 0) {
+ if (disableCRL == 0 && !useVerifyCb) {
 #ifdef HAVE_IO_TIMEOUT
 wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
 #endif
diff --git a/src/crl.c b/src/crl.c
index 24a5d8a1d..198b0cf91 100755
--- a/src/crl.c
+++ b/src/crl.c
@@ -318,7 +318,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
 RevokedCert* rc = crle->certs;
 while (rc) {
- if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
+ if (rc->serialSz == cert->serialSz &&
+ XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
 WOLFSSL_MSG("Cert revoked");
 ret = CRL_CERT_REVOKED;
 break;
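Review bot: The added `!useVerifyCb` condition turns off CRL checking whenever the verify-callback override is selected, and nothing at the `if` says so; someone copying this example would not see that revocation checking is skipped on that path. The commit message gives the reason (no CAs are loaded for the `-j` test), so I would record it in the code, e.g. `/* -j test loads no CAs, so CRL checking cannot be enabled here */` directly above the condition. client_test's body starts and ends outside the hunk.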
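Review bot: The new `rc->serialSz == cert->serialSz` test in the `while (rc)` loop is only sound if the CRL parser and the certificate parser store the serial in the same form (for instance, both keeping or both stripping a leading 0x00 pad byte of the DER INTEGER); that is not visible in this hunk, and a mismatch would make a revoked certificate compare as not revoked. I would confirm that against both parsers and state it at the comparison, e.g. `/* lengths must match: comparing only rc->serialSz bytes would flag a serial that merely begins with a revoked one */`. A regression test with a certificate whose serial shares a prefix with a revoked entry would pin the fix. CheckCertCRLList's body starts and ends outside the hunk.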