From fd701223782885041224add5b88adaf649fdd438 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Fri, 18 May 2012 11:03:44 -0700
Subject: [PATCH] add external der CRL checker
---
 cyassl/ssl.h | 2 ++
 src/ssl.c | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index f87da7307..f73b988c9 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -789,6 +789,8 @@ CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
 const char* d);
 CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
 int format);
+CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
+ int sz);
 CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
 CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
 CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, int,
diff --git a/src/ssl.c b/src/ssl.c
index bb7608763..96225df95 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1383,6 +1383,7 @@ int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
 }
+
 /* turn on CRL if off and compiled in, set options */
 int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
 {
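Review bot: The new prototype in cyassl/ssl.h spells the certificate buffer as `unsigned char*` while the definition added in src/ssl.c takes `byte*`; the two only agree if `byte` is a typedef for `unsigned char`, which is not visible in this patch, so using one spelling in both places would avoid a silent mismatch. A short comment on the declaration would also help callers, because the definition returns SSL_SUCCESS without looking at the certificate when CRL checking is disabled on the manager, e.g. `/* Check a DER-encoded certificate against the loaded CRLs. Returns SSL_SUCCESS if not revoked OR if CRL checking is disabled on cm; BAD_FUNC_ARG or a parse/CRL error code otherwise. */`. A caller that treats SSL_SUCCESS as "checked and not revoked" would otherwise be misled on a manager where CRL was never enabled.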
@@ -1432,6 +1433,43 @@ int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
 #ifdef HAVE_CRL
+/* check CRL if enabled, SSL_SUCCESS */
+int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
+{
+ int ret;
+ DecodedCert cert;
+
+ CYASSL_ENTER("CyaSSL_CertManagerCheckCRL");
+
+ if (cm == NULL)
+ return BAD_FUNC_ARG;
+
+ if (cm->crlEnabled == 0)
+ return SSL_SUCCESS;
+
+ InitDecodedCert(&cert, der, sz, NULL);
+
+ ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
+ if (ret != 0) {
+ CYASSL_MSG("ParseCert failed");
+ return ret;
+ }
+ else {
+ ret = CheckCertCRL(cm->crl, &cert);
+ if (ret != 0) {
+ CYASSL_MSG("CheckCertCRL failed");
+ }
+ }
+
+ FreeDecodedCert(&cert);
+
+ if (ret == 0)
+ return SSL_SUCCESS; /* convert */
+
+ return ret;
+}
+
+
 int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
 {
 CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
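Review bot: The `ParseCertRelative` failure branch in `CyaSSL_CertManagerCheckCRL` returns before `FreeDecodedCert(&cert)` is reached, so anything the decoder attached to `cert` before failing is never released; dropping the `return ret;` inside that branch lets both outcomes fall through to the single cleanup and the final `ret` conversion, since `ret` is already non-zero there. The argument check only covers `cm`, yet `der` and `sz` come straight from the caller of this public API, so `if (cm == NULL || der == NULL || sz <= 0) return BAD_FUNC_ARG;` would keep a NULL buffer or a non-positive length from reaching `InitDecodedCert`. The early `return SSL_SUCCESS` when `cm->crlEnabled == 0` means a caller cannot tell "not revoked" from "not checked", so the header comment should say so, e.g. `/* check cert against loaded CRLs; returns SSL_SUCCESS if not revoked, or if CRL checking is disabled on cm */`. Whether `cm->crl` can still be NULL while `crlEnabled` is set is not visible in this hunk; if it can, the `CheckCertCRL` call needs a guard as well.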