wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 05:04:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

add crl checkall processing

Browse Source
This commit is contained in:
toddouska
2012-05-24 12:45:10 -07:00
parent db7773aa54
commit 73ddd32539
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
examples/client/client.c
View File

@@ -208,7 +208,7 @@ void client_test(void* args)
ssl = CyaSSL_new(ctx); ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd); CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL #ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0); CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0); CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack); CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif #endif

18
src/internal.c
View File

@@ -1628,11 +1628,9 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
ssl->ctx->cm); ssl->ctx->cm);
if (ret == 0 && dCert.isCA == 0) { if (ret == 0 && dCert.isCA == 0) {
CYASSL_MSG("Chain cert is not a CA, not adding as one"); CYASSL_MSG("Chain cert is not a CA, not adding as one");
(void)ret;
} }
else if (ret == 0 && ssl->options.verifyNone) { else if (ret == 0 && ssl->options.verifyNone) {
CYASSL_MSG("Chain cert not verified by option, not adding as CA"); CYASSL_MSG("Chain cert not verified by option, not adding as CA");
(void)ret;
} }
else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, dCert.subjectHash)) { else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, dCert.subjectHash)) {
buffer add; buffer add;
@@ -1651,13 +1649,22 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
} }
else if (ret != 0) { else if (ret != 0) {
CYASSL_MSG("Failed to verify CA from chain"); CYASSL_MSG("Failed to verify CA from chain");
(void)ret;
} }
else { else {
CYASSL_MSG("Verified CA from chain and already had it"); CYASSL_MSG("Verified CA from chain and already had it");
(void)ret;
} }
#ifdef HAVE_CRL
if (ret == 0 && ssl->ctx->cm->crlEnabled && ssl->ctx->cm->crlCheckAll) {
CYASSL_MSG("Doing Non Leaf CRL check");
ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert);
if (ret != 0) {
CYASSL_MSG("\tCRL check not ok");
}
}
#endif /* HAVE_CRL */
if (ret != 0 && anyError == 0) if (ret != 0 && anyError == 0)
anyError = ret; /* save error from last time */ anyError = ret; /* save error from last time */
@@ -1705,7 +1712,8 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
#endif #endif
#ifdef HAVE_CRL #ifdef HAVE_CRL
if (ssl->ctx->cm->crlEnabled) { if (fatal == 0 && ssl->ctx->cm->crlEnabled) {
CYASSL_MSG("Doing Leaf CRL check");
ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert); ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert);
if (ret != 0) { if (ret != 0) {