From 5539b0eb384e1bbba3f58395aea750ab50ac00c3 Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Sun, 20 Jan 2019 10:11:19 +0900
Subject: [PATCH] wolfSSL_CertManagerFreeCRL: exporsing FreeCRL
---
 src/ssl.c | 11 +++++++++++
 tests/api.c | 29 +++++++++++++++++++++++++++++
 wolfssl/ssl.h | 1 +
 3 files changed, 41 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index 011161367..9db6a5cdb 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5336,6 +5336,17 @@ int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
 return BufferLoadCRL(cm->crl, buff, sz, type, 0);
 }
+int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm)
+{
+ WOLFSSL_ENTER("wolfSSL_CertManagerFreeCRL");
+ if (cm == NULL)
+ return BAD_FUNC_ARG;
+ if (cm->crl != NULL){
+ FreeCRL(cm->crl, 1);
+ cm->crl = NULL;
+ }
+ return WOLFSSL_SUCCESS;
+}
 int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, int type)
diff --git a/tests/api.c b/tests/api.c
index bc102fff6..c2945228c 100644
--- a/tests/api.c
+++ b/tests/api.c
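Review bot: `wolfSSL_CertManagerFreeCRL` clears `cm->crl` but leaves the manager's CRL-checking state untouched, so what a verification does between this call and the next CRL load is not defined by anything in the hunk. If checking stays enabled (the `crlEnabled` flag, declared outside this diff), a verify path that reads `cm->crl` would either dereference NULL or skip revocation silently; either clear the flag next to `cm->crl = NULL;` or state in a header comment that the caller must reload a CRL before verifying again. The free is also done without taking any lock in the visible lines, so the comment should say the call is not safe while another thread verifies against the same manager, e.g. `/* Frees all loaded CRLs; caller must ensure no verification is using cm concurrently. */`. The function is complete within the hunk.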
@@ -957,6 +957,34 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
 return ret;
 }
+static void test_wolfSSL_CertManagerCRL(void)
+{
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL)
+
+ const char* ca_cert = "./certs/ca-cert.pem";
+ const char* crl1 = "./certs/crl/crl.pem";
+ const char* crl2 = "./certs/crl/crl2.pem";
+
+ WOLFSSL_CERT_MANAGER* cm = NULL;
+
+ AssertNotNull(cm = wolfSSL_CertManagerNew());
+ AssertIntEQ(WOLFSSL_SUCCESS,
+ wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
+ AssertIntEQ(WOLFSSL_SUCCESS,
+ wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
+ AssertIntEQ(WOLFSSL_SUCCESS,
+ wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
+ wolfSSL_CertManagerFreeCRL(cm);
+
+ AssertIntEQ(WOLFSSL_SUCCESS,
+ wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
+ AssertIntEQ(WOLFSSL_SUCCESS,
+ wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
+ wolfSSL_CertManagerFree(cm);
+
+#endif
+}
+
 static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
 {
 #if !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \
@@ -23083,6 +23111,7 @@ void ApiTest(void)
 test_wolfSSL_CTX_use_PrivateKey_file();
 test_wolfSSL_CTX_load_verify_locations();
 test_wolfSSL_CertManagerLoadCABuffer();
+ test_wolfSSL_CertManagerCRL();
 test_wolfSSL_CTX_load_verify_chain_buffer_format();
 test_wolfSSL_CTX_use_certificate_chain_file_format();
 test_wolfSSL_CTX_trust_peer_cert();
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 898680453..c40c23a5b 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2103,6 +2103,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
 const unsigned char*, long sz, int);
 WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*, CbMissingCRL);
+ WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER *);
 #ifdef HAVE_CRL_IO
 WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*, CbCrlIO);
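Review bot: In `test_wolfSSL_CertManagerCRL` (tests/api.c) the call `wolfSSL_CertManagerFreeCRL(cm);` discards the return value and the `BAD_FUNC_ARG` path for a NULL manager is never exercised, so the test would still pass if the new function failed. Wrap it as `AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerFreeCRL(cm));` and add `AssertIntEQ(BAD_FUNC_ARG, wolfSSL_CertManagerFreeCRL(NULL));`. The test also never verifies a certificate after the free or after the reload, so it shows that loading works again but not that revocation data was actually dropped and restored; verifying a revoked certificate at both points would cover that, if a suitable fixture exists under the certs directory.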