diff --git a/src/crl.c b/src/crl.c
index 0f47ee1a4..d3f7af8ac 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -32,8 +32,11 @@
 #include
 #include
-#include
-#include
+#ifndef NO_FILESYSTEM
+ #include
+ #include
+#endif
+
 #include
 #ifdef HAVE_CRL_MONITOR
@@ -679,6 +682,8 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
 #else /* HAVE_CRL_MONITOR */
+#ifndef NO_FILESYSTEM
+
 static int StartMonitorCRL(WOLFSSL_CRL* crl)
 {
 (void)crl;
@@ -689,8 +694,11 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
 return NOT_COMPILED_IN;
 }
+#endif /* NO_FILESYSTEM */
+
 #endif /* HAVE_CRL_MONITOR */
+#ifndef NO_FILESYSTEM
 /* Load CRL path files of type, SSL_SUCCESS on ok */
 int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
@@ -787,4 +795,6 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
 return ret;
 }
+#endif /* NO_FILESYSTEM */
+
 #endif /* HAVE_CRL */
diff --git a/src/ssl.c b/src/ssl.c
index 770fa4055..aba00ac0c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
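Review bot: The prototype and the callers of `LoadCRL` are outside this diff, so with the new `#ifndef NO_FILESYSTEM` guard in src/crl.c (hunk at -689) a filesystem-free build keeps a declaration without a definition unless they carry the same guard; worth confirming before merge. The closing lines in the hunks at -689 and -787 read `#endif /* NO_FILESYSTEM */`, which suggests the enclosed code is the NO_FILESYSTEM case; `#endif /* !NO_FILESYSTEM */` matches the `#ifndef` that opens them. The body of `LoadCRL` lies between the two hunks and is not shown here.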
@@ -3105,6 +3105,52 @@ int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
 #endif /* HAVE_CRL */
+/* turn on CRL if off and compiled in, set options */
+int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
+{
+ int ret = SSL_SUCCESS;
+
+ (void)options;
+
+ WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
+ if (cm == NULL)
+ return BAD_FUNC_ARG;
+
+ #ifdef HAVE_CRL
+ if (cm->crl == NULL) {
+ cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
+ DYNAMIC_TYPE_CRL);
+ if (cm->crl == NULL)
+ return MEMORY_E;
+
+ if (InitCRL(cm->crl, cm) != 0) {
+ WOLFSSL_MSG("Init CRL failed");
+ FreeCRL(cm->crl, 1);
+ cm->crl = NULL;
+ return SSL_FAILURE;
+ }
+ }
+ cm->crlEnabled = 1;
+ if (options & WOLFSSL_CRL_CHECKALL)
+ cm->crlCheckAll = 1;
+ #else
+ ret = NOT_COMPILED_IN;
+ #endif
+
+ return ret;
+}
+
+
+int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
+{
+ WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");
+ if (cm == NULL)
+ return BAD_FUNC_ARG;
+
+ cm->crlEnabled = 0;
+
+ return SSL_SUCCESS;
+}
 /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
 int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
 long sz, int format)
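Review bot: `wolfSSL_CertManagerDisableCRL` lands in its new place without a header comment, and the comment on `wolfSSL_CertManagerEnableCRL` does not mention that `crlCheckAll` is sticky: Enable only ever sets it and Disable clears `crlEnabled` alone, so Disable followed by Enable with options 0 leaves `crlCheckAll` set. That is the stricter direction, but callers of a revocation API should be able to read it; a comment such as `/* turn off CRL checking; loaded CRLs and crlCheckAll are kept, SSL_SUCCESS on ok */` above Disable would cover it. The same comment could note that Disable returns SSL_SUCCESS even in builds without HAVE_CRL, whereas Enable returns NOT_COMPILED_IN there.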
@@ -3678,52 +3724,6 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
 }
-/* turn on CRL if off and compiled in, set options */
-int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
-{
- int ret = SSL_SUCCESS;
-
- (void)options;
-
- WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- #ifdef HAVE_CRL
- if (cm->crl == NULL) {
- cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
- DYNAMIC_TYPE_CRL);
- if (cm->crl == NULL)
- return MEMORY_E;
-
- if (InitCRL(cm->crl, cm) != 0) {
- WOLFSSL_MSG("Init CRL failed");
- FreeCRL(cm->crl, 1);
- cm->crl = NULL;
- return SSL_FAILURE;
- }
- }
- cm->crlEnabled = 1;
- if (options & WOLFSSL_CRL_CHECKALL)
- cm->crlCheckAll = 1;
- #else
- ret = NOT_COMPILED_IN;
- #endif
-
- return ret;
-}
-
-
-int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
-{
- WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");
- if (cm == NULL)
- return BAD_FUNC_ARG;
-
- cm->crlEnabled = 0;
-
- return SSL_SUCCESS;
-}
 int wolfSSL_CTX_check_private_key(WOLFSSL_CTX* ctx)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 5b690d1cd..427bb2fb7 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1298,6 +1298,10 @@ struct CRL_Monitor {
 typedef struct WOLFSSL_CRL WOLFSSL_CRL;
 #endif
+#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
+ #undef HAVE_CRL_MONITOR
+#endif
+
 /* wolfSSL CRL controller */
 struct WOLFSSL_CRL {
 WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
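Review bot: The `#undef HAVE_CRL_MONITOR` in wolfssl/internal.h silently drops a feature the integrator asked for, and it sits after `struct CRL_Monitor` (per the hunk header), so anything earlier in this header, or any file that tests the macro before including it, has already seen it defined. A build that sets both macros presumably ends up with no automatic CRL refresh and no diagnostic, which for revocation data means stale CRLs unless the application reloads them itself. Failing loudly is safer, e.g. `#error "HAVE_CRL_MONITOR requires a filesystem (conflicts with NO_FILESYSTEM)"`, or at least move the check to where build options are normalised, ahead of the first use of the macro. The `defined(HAVE_CRL) &&` term looks unnecessary, since undefining a macro that is not defined is harmless.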