Fix for CRL serial number matching to also check the serial length. Fix for testing the verify callback override ‘-j’ so that it does not enable CRL, since the CAs are not loaded for this test.

David Garske
2017-06-16 16:02:36 -07:00
parent 0fa99fcc2e
commit 2f9f746053
2 changed files with 3 additions and 2 deletions


@ -1729,7 +1729,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
} }
#ifdef HAVE_CRL #ifdef HAVE_CRL
if (disableCRL == 0) { if (disableCRL == 0 && !useVerifyCb) {
#ifdef HAVE_IO_TIMEOUT #ifdef HAVE_IO_TIMEOUT
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC); wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
#endif #endif
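Review bot: The added `!useVerifyCb` term in `if (disableCRL == 0 && !useVerifyCb)` turns off revocation checking for the `-j` case without any comment on the line explaining why. A short comment above the condition would record the reason given in the commit message, for example `/* CRL lookup needs the CAs loaded; the -j verify callback test runs without them */`, so that readers who copy this example client do not take the skipped CRL setup as a general pattern. It is also worth confirming that no existing test expects `-j` to still exercise CRL, since the option now bypasses it silently. The body of the `if` continues outside the hunk.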


@ -318,7 +318,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
RevokedCert* rc = crle->certs; RevokedCert* rc = crle->certs;
while (rc) { while (rc) {
if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) { if (rc->serialSz == cert->serialSz &&
XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
WOLFSSL_MSG("Cert revoked"); WOLFSSL_MSG("Cert revoked");
ret = CRL_CERT_REVOKED; ret = CRL_CERT_REVOKED;
break; break;