mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 10:00:52 +02:00
558ae34f68
The CRL_STATIC_REVOKED_LIST code path stored revoked certificates in a fixed array but never sorted it after parsing, causing binary search to silently miss revoked serials when entries arrived in non-sorted wire order. Additionally, comparisons used rc[0].serialSz instead of rc[mid].serialSz, omitted the length-equality check before XMEMCMP, and ignored the serialHash lookup path entirely (causing a NULL dereference when hash-based lookup was used). Fixes: - Sort the revoked cert array in InitCRL_Entry after populating it - Use rc[mid].serialSz instead of rc->serialSz in binary search - Add serialSz equality check before XMEMCMP, matching linked-list path - Implement serialHash-based linear scan for hash lookup callers Add unit test that loads a CRL with serials in unsorted wire order and verifies that a revoked certificate is correctly detected.
Before creating any new configure files (.conf) read the CONF_FILES_README.md