adressed review comments part 5

2021-03-20 12:29:42 +09:00
parent 300cbf7a5b
commit fae36f108e
2 changed files with 8 additions and 1 deletions
--- a/src/crl.c
+++ b/src/crl.c
@ -367,6 +367,11 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
    (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+    /* if not find entry in the CRL list, it looks at the folder that sets  */
+    /* by LOOKUP_ctrl because user would want to use hash_dir.              */
+    /* Loading <issuer-hash>.rN form CRL file if find at the folder,        */
+    /* and try again checking Cert in the CRL list.                         */
+    /* When not set the folder or not use hash_dir, do nothing.             */
    if (foundEntry == 0) {
        if (crl->cm->x509_store_p != NULL) {
            ret = LoadCertByIssuer(crl->cm->x509_store_p, 
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -2083,7 +2083,9 @@ struct WOLFSSL_CERT_MANAGER {
    short           minEccKeySz;         /* minimum allowed ECC key size */
 #endif
 #if defined(OPENSSL_EXTRA)
-    WOLFSSL_X509_STORE  *x509_store_p;   /* pointer back to x509 store */
+    WOLFSSL_X509_STORE  *x509_store_p;  /* a pointer back to CTX x509 store  */
+                                        /* CTX has ownership and free this   */
+                                        /* with CTX free.                    */
 #endif
    wolfSSL_Mutex   refMutex;   /* reference count mutex */
    int             refCount;         /* reference count */