allow CRL with NO_FILESYSTEM

toddouska
2015-08-31 14:57:23 -07:00
parent 553fc283c9
commit 6969453d06
3 changed files with 62 additions and 48 deletions


@ -32,8 +32,11 @@
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#include <dirent.h>
#include <sys/stat.h>
#ifndef NO_FILESYSTEM
#include <dirent.h>
#include <sys/stat.h>
#endif
#include <string.h>
#ifdef HAVE_CRL_MONITOR
@ -679,6 +682,8 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
#else /* HAVE_CRL_MONITOR */
#ifndef NO_FILESYSTEM
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
(void)crl;
@ -689,8 +694,11 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
return NOT_COMPILED_IN;
}
#endif /* NO_FILESYSTEM */
#endif /* HAVE_CRL_MONITOR */
#ifndef NO_FILESYSTEM
/* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
@ -787,4 +795,6 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
return ret;
}
#endif /* NO_FILESYSTEM */
#endif /* HAVE_CRL */
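Review bot: The `#ifndef NO_FILESYSTEM` guard added around the stub `StartMonitorCRL` covers only the `#else /* HAVE_CRL_MONITOR */` branch; the monitoring implementation in the other branch is left unguarded and stays out of a NO_FILESYSTEM build only if HAVE_CRL_MONITOR has already been undefined by a header included above (the third file in this commit appears to do that). That coupling is not visible in this file, so a comment at the `#ifdef HAVE_CRL_MONITOR` test would help, e.g. `/* HAVE_CRL_MONITOR is undefined by the headers above when NO_FILESYSTEM is set */`. Callers of `LoadCRL` are not shown here; any that sit outside a matching guard would presumably fail to link once it is compiled out. The bodies of `StartMonitorCRL` and `LoadCRL` lie outside the hunks.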


@ -3105,6 +3105,52 @@ int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
#endif /* HAVE_CRL */
/* turn on CRL if off and compiled in, set options */
int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
{
int ret = SSL_SUCCESS;
(void)options;
WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
#ifdef HAVE_CRL
if (cm->crl == NULL) {
cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
DYNAMIC_TYPE_CRL);
if (cm->crl == NULL)
return MEMORY_E;
if (InitCRL(cm->crl, cm) != 0) {
WOLFSSL_MSG("Init CRL failed");
FreeCRL(cm->crl, 1);
cm->crl = NULL;
return SSL_FAILURE;
}
}
cm->crlEnabled = 1;
if (options & WOLFSSL_CRL_CHECKALL)
cm->crlCheckAll = 1;
#else
ret = NOT_COMPILED_IN;
#endif
return ret;
}
int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
{
WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
cm->crlEnabled = 0;
return SSL_SUCCESS;
}
/* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
long sz, int format)
@ -3678,52 +3724,6 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
}
/* turn on CRL if off and compiled in, set options */
int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
{
int ret = SSL_SUCCESS;
(void)options;
WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
#ifdef HAVE_CRL
if (cm->crl == NULL) {
cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
DYNAMIC_TYPE_CRL);
if (cm->crl == NULL)
return MEMORY_E;
if (InitCRL(cm->crl, cm) != 0) {
WOLFSSL_MSG("Init CRL failed");
FreeCRL(cm->crl, 1);
cm->crl = NULL;
return SSL_FAILURE;
}
}
cm->crlEnabled = 1;
if (options & WOLFSSL_CRL_CHECKALL)
cm->crlCheckAll = 1;
#else
ret = NOT_COMPILED_IN;
#endif
return ret;
}
int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
{
WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
cm->crlEnabled = 0;
return SSL_SUCCESS;
}
int wolfSSL_CTX_check_private_key(WOLFSSL_CTX* ctx)
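Review bot: `cm->crlCheckAll` is only ever set in `wolfSSL_CertManagerEnableCRL`: a later call without `WOLFSSL_CRL_CHECKALL` leaves it at 1, and `wolfSSL_CertManagerDisableCRL` clears `crlEnabled` but neither `crlCheckAll` nor the loaded `cm->crl`, so the header comment "set options" says more than the code does. Both functions look like an unchanged move, so documenting the behaviour fits this commit better than changing it: `/* turn on CRL if off and compiled in; WOLFSSL_CRL_CHECKALL is OR-ed in and never cleared by a later call */` and, for the uncommented disable function, `/* turn off CRL checking; loaded CRLs and crlCheckAll are kept */`. The disable function also returns `SSL_SUCCESS` in a build without HAVE_CRL where the enable function returns `NOT_COMPILED_IN`; now that both are reachable under NO_FILESYSTEM, that asymmetry is worth a line in the comment as well.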


@ -1298,6 +1298,10 @@ struct CRL_Monitor {
typedef struct WOLFSSL_CRL WOLFSSL_CRL;
#endif
#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
#undef HAVE_CRL_MONITOR
#endif
/* wolfSSL CRL controller */
struct WOLFSSL_CRL {
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
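Review bot: The `#undef HAVE_CRL_MONITOR` drops a feature the build explicitly requested without any diagnostic, so an application configured with both HAVE_CRL_MONITOR and NO_FILESYSTEM gets no automatic CRL refresh and may keep validating against stale revocation data. A comment at the undef should say so, e.g. `/* no filesystem to watch: CRL monitoring is unavailable, the application must reload CRLs itself (wolfSSL_CertManagerLoadCRLBuffer) */`, and a `#warning` or a configure-time check would make the downgrade visible to the integrator. The undef only affects code after this point; the hunk header shows `struct CRL_Monitor` declared above it, and whether that declaration or anything else earlier tests the macro is not visible in this hunk.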