add build optional skip crl next date if missing
10
src/crl.c
10
src/crl.c
@@ -156,10 +156,18 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
|
|||||||
|
|
||||||
while (crle) {
|
while (crle) {
|
||||||
if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
|
if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
|
||||||
|
int doNextDate = 1;
|
||||||
|
|
||||||
WOLFSSL_MSG("Found CRL Entry on list");
|
WOLFSSL_MSG("Found CRL Entry on list");
|
||||||
WOLFSSL_MSG("Checking next date validity");
|
WOLFSSL_MSG("Checking next date validity");
|
||||||
|
|
||||||
if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
|
#ifdef WOLFSSL_NO_CRL_NEXT_DATE
|
||||||
|
if (crle->nextDateFormat == ASN_OTHER_TYPE)
|
||||||
|
doNextDate = 0; /* skip */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (doNextDate && !ValidateDate(crle->nextDate,
|
||||||
|
crle->nextDateFormat, AFTER)) {
|
||||||
WOLFSSL_MSG("CRL next date is no longer valid");
|
WOLFSSL_MSG("CRL next date is no longer valid");
|
||||||
ret = ASN_AFTER_DATE_E;
|
ret = ASN_AFTER_DATE_E;
|
||||||
}
|
}
|
||||||
|
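Review bot: With `WOLFSSL_NO_CRL_NEXT_DATE` defined, the `doNextDate = 0; /* skip */` path in CheckCertCRL lets a CRL entry that carries no next date pass the freshness check indefinitely, so a list issued before a later revocation remains acceptable with no upper bound on its age. That trade-off should be stated at the `#ifdef`, for example `/* no nextUpdate in this CRL: staleness cannot be detected, revocation coverage is best-effort */`, and a bound derived from the entry's last-update date would be a stronger fix if the entry keeps that field (not visible in this hunk). The skip is also silent while "Checking next date validity" is still logged; adding `else WOLFSSL_MSG("CRL next date missing, check skipped");` style logging next to the skip would make the weaker check visible in debug output. The un-braced `if (crle->nextDateFormat == ASN_OTHER_TYPE)` would be safer with braces around the assignment. CheckCertCRL begins and ends outside the hunk.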
@@ -7979,8 +7979,8 @@ static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl,
|
|||||||
/* prase crl buffer into decoded state, 0 on success */
|
/* prase crl buffer into decoded state, 0 on success */
|
||||||
int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
|
int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
|
||||||
{
|
{
|
||||||
int version, len;
|
int version, len, doNextDate = 1;
|
||||||
word32 oid, idx = 0;
|
word32 oid, idx = 0, dateIdx;
|
||||||
Signer* ca = NULL;
|
Signer* ca = NULL;
|
||||||
|
|
||||||
WOLFSSL_MSG("ParseCRL");
|
WOLFSSL_MSG("ParseCRL");
|
||||||
@@ -8016,10 +8016,22 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
|
|||||||
if (GetBasicDate(buff, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
|
if (GetBasicDate(buff, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
|
||||||
if (GetBasicDate(buff, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
|
dateIdx = idx;
|
||||||
return ASN_PARSE_E;
|
|
||||||
|
|
||||||
if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
|
if (GetBasicDate(buff, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
|
||||||
|
{
|
||||||
|
#ifndef WOLFSSL_NO_CRL_NEXT_DATE
|
||||||
|
(void)dateIdx;
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
#else
|
||||||
|
dcrl->nextDateFormat = ASN_OTHER_TYPE; /* skip flag */
|
||||||
|
doNextDate = 0;
|
||||||
|
idx = dateIdx;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
if (doNextDate && !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat,
|
||||||
|
AFTER)) {
|
||||||
WOLFSSL_MSG("CRL after date is no longer valid");
|
WOLFSSL_MSG("CRL after date is no longer valid");
|
||||||
return ASN_AFTER_DATE_E;
|
return ASN_AFTER_DATE_E;
|
||||||
}
|
}
|
||||||
|
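Review bot: Under `WOLFSSL_NO_CRL_NEXT_DATE`, the `#else` branch in ParseCRL treats every `GetBasicDate` failure as "next date absent", so a nextUpdate that is present but malformed or truncated is also rewound with `idx = dateIdx` and handled as a CRL with no expiry. The skip should be taken only when no time element is there, for example by starting the `#else` branch with `if (dateIdx < sz && (buff[dateIdx] == ASN_UTC_TIME || buff[dateIdx] == ASN_GENERALIZED_TIME)) return ASN_PARSE_E;`. `dcrl->nextDate` may hold partial data after the failed call (GetBasicDate is not shown here), so clearing it next to the `/* skip flag */` assignment is worth considering. Using `ASN_OTHER_TYPE` in `nextDateFormat` as an in-band "no date" marker deserves a comment where the field is declared, because the CheckCertCRL hunk in this commit depends on that convention. ParseCRL continues past the end of the hunk.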