add build optional skip crl next date if missing

2025-08-03 20:54:41 +02:00 · 2015-08-31 17:02:15 -07:00
parent a56a8a22e5
commit 928d2b7caa
2 changed files with 26 additions and 6 deletions
--- a/src/crl.c
+++ b/src/crl.c
@@ -156,10 +156,18 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)

    while (crle) {
        if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
+            int doNextDate = 1;
+
            WOLFSSL_MSG("Found CRL Entry on list");
            WOLFSSL_MSG("Checking next date validity");

-            if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
+            #ifdef WOLFSSL_NO_CRL_NEXT_DATE
+                if (crle->nextDateFormat == ASN_OTHER_TYPE)
+                    doNextDate = 0;  /* skip */
+            #endif
+
+            if (doNextDate && !ValidateDate(crle->nextDate,
+                                            crle->nextDateFormat, AFTER)) {
                WOLFSSL_MSG("CRL next date is no longer valid");
                ret = ASN_AFTER_DATE_E;
            }
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7979,8 +7979,8 @@ static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl,
 /* prase crl buffer into decoded state, 0 on success */
 int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
 {
-    int     version, len;
-    word32  oid, idx = 0;
+    int     version, len, doNextDate = 1;
+    word32  oid, idx = 0, dateIdx;
    Signer* ca = NULL;

    WOLFSSL_MSG("ParseCRL");
@@ -8016,10 +8016,22 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
    if (GetBasicDate(buff, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
        return ASN_PARSE_E;

-    if (GetBasicDate(buff, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
-        return ASN_PARSE_E;
+    dateIdx = idx;

-    if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
+    if (GetBasicDate(buff, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
+    {
+#ifndef WOLFSSL_NO_CRL_NEXT_DATE
+        (void)dateIdx;
+        return ASN_PARSE_E;
+#else
+        dcrl->nextDateFormat = ASN_OTHER_TYPE;  /* skip flag */
+        doNextDate = 0;
+        idx = dateIdx;
+#endif
+    }
+
+    if (doNextDate && !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat,
+                                      AFTER)) {
        WOLFSSL_MSG("CRL after date is no longer valid");
        return ASN_AFTER_DATE_E;
    }