From 928d2b7caaa990911345102d99841b695ccb7441 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Mon, 31 Aug 2015 17:02:15 -0700
Subject: [PATCH] add build optional skip crl next date if missing
---
 src/crl.c | 10 +++++++++-
 wolfcrypt/src/asn.c | 22 +++++++++++++++++-----
 2 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/src/crl.c b/src/crl.c
index d3f7af8ac..6cd26cdd2 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -156,10 +156,18 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
 while (crle) {
 if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
+ int doNextDate = 1;
+
 WOLFSSL_MSG("Found CRL Entry on list");
 WOLFSSL_MSG("Checking next date validity");
- if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
+ #ifdef WOLFSSL_NO_CRL_NEXT_DATE
+ if (crle->nextDateFormat == ASN_OTHER_TYPE)
+ doNextDate = 0; /* skip */
+ #endif
+
+ if (doNextDate && !ValidateDate(crle->nextDate,
+ crle->nextDateFormat, AFTER)) {
 WOLFSSL_MSG("CRL next date is no longer valid");
 ret = ASN_AFTER_DATE_E;
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index d813181c2..9ddd027fe 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7979,8 +7979,8 @@ static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl,
 /* prase crl buffer into decoded state, 0 on success */
 int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
 {
- int version, len;
- word32 oid, idx = 0;
+ int version, len, doNextDate = 1;
+ word32 oid, idx = 0, dateIdx;
 Signer* ca = NULL;
 WOLFSSL_MSG("ParseCRL");
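Review bot: In CheckCertCRL (src/crl.c), the `#ifdef WOLFSSL_NO_CRL_NEXT_DATE` branch drops the expiry test without leaving any trace, so in such a build a CRL entry flagged `ASN_OTHER_TYPE` is honoured indefinitely and a stale list cannot be told apart from a fresh one in the debug log. I would brace the branch and log the skip, `if (crle->nextDateFormat == ASN_OTHER_TYPE) { WOLFSSL_MSG("CRL next date missing, skipping expiry check"); doNextDate = 0; }`, and put a comment above the `#ifdef` saying that this build option trades revocation freshness for compatibility with CRLs that omit the next date. The flag value is set in ParseCRL in wolfcrypt/src/asn.c; how it reaches `crle->nextDateFormat` is not visible here, and CheckCertCRL's body begins and ends outside the hunk.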
@@ -8016,10 +8016,22 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
 if (GetBasicDate(buff, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
 return ASN_PARSE_E;
- if (GetBasicDate(buff, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
- return ASN_PARSE_E;
+ dateIdx = idx;
- if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
+ if (GetBasicDate(buff, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
+ {
+#ifndef WOLFSSL_NO_CRL_NEXT_DATE
+ (void)dateIdx;
+ return ASN_PARSE_E;
+#else
+ dcrl->nextDateFormat = ASN_OTHER_TYPE; /* skip flag */
+ doNextDate = 0;
+ idx = dateIdx;
+#endif
+ }
+
+ if (doNextDate && !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat,
+ AFTER)) {
 WOLFSSL_MSG("CRL after date is no longer valid");
 return ASN_AFTER_DATE_E;
 }
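Review bot: In the `#else` branch of ParseCRL, every failure of `GetBasicDate` is treated as a missing next date, so with WOLFSSL_NO_CRL_NEXT_DATE defined a next-date field that is present but malformed or truncated would also be accepted and the `XVALIDATE_DATE` expiry check skipped. The skip should be limited to the case where no time tag follows lastDate, and a time tag that fails to parse should still return `ASN_PARSE_E`. This assumes GetBasicDate, which is not shown, expects `ASN_UTC_TIME` or `ASN_GENERALIZED_TIME` at `buff[idx]`. ParseCRL's body starts and ends outside this hunk, so how strictly the data at the rewound `idx` is parsed afterwards cannot be checked here.

```c
#else
        /* nextUpdate counts as absent only when no time tag follows
           lastDate; a present but malformed date stays a parse error */
        if (dateIdx < sz && (buff[dateIdx] == ASN_UTC_TIME ||
                             buff[dateIdx] == ASN_GENERALIZED_TIME))
            return ASN_PARSE_E;
        /* … unchanged: set the ASN_OTHER_TYPE skip flag, clear doNextDate, rewind idx … */
#endif
```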