summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-05-05 00:32:09 +0200
committerDaniel Stenberg <daniel@haxx.se>2018-05-05 00:32:09 +0200
commitd4ca1bc2f8313064f0455c93fcd32ccdb7aafa62 (patch)
tree6e03e2509132da436977330cce61100a388050a3
parentbabd55e25f6d00fc59e8952a9a8b56b6de93fabe (diff)
downloadcurl-bagder/wolfssl-crl.tar.gz
wolfssl: add support for CRLbagder/wolfssl-crl
-rw-r--r--lib/vtls/cyassl.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 20ce460e8..0f9d0c098 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -157,6 +157,7 @@ cyassl_connect_step1(struct connectdata *conn,
struct ssl_connect_data* connssl = &conn->ssl[sockindex];
SSL_METHOD* req_method = NULL;
curl_socket_t sockfd = conn->sock[sockindex];
+ const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
#ifdef HAVE_SNI
bool sni = FALSE;
#define use_sni(x) sni = (x)
@@ -403,6 +404,14 @@ cyassl_connect_step1(struct connectdata *conn,
return CURLE_OUT_OF_MEMORY;
}
+ if(ssl_crlfile) {
+ if(wolfSSL_LoadCRL(BACKEND->handle, ssl_crlfile, SSL_FILETYPE_PEM, 0) !=
+ SSL_SUCCESS) {
+ failf(data, "Error reading CRL file %s", ssl_crlfile);
+ return CURLE_SSL_CRL_BADFILE;
+ }
+ }
+
#ifdef HAVE_ALPN
if(conn->bits.tls_enable_alpn) {
char protocols[128];
@@ -541,6 +550,10 @@ cyassl_connect_step2(struct connectdata *conn,
}
}
#endif
+ else if(-362 == detail) { /* CRL_MISSING */
+ failf(data, "CRL file missing!");
+ return CURLE_SSL_CRL_BADFILE;
+ }
else {
failf(data, "SSL_connect failed with error %d: %s", detail,
ERR_error_string(detail, error_buffer));