wolfssl: add support for CRLbagder/wolfssl-crl

author: Daniel Stenberg <daniel@haxx.se> 2018-05-05 00:32:09 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2018-05-05 00:32:09 +0200
commit: d4ca1bc2f8313064f0455c93fcd32ccdb7aafa62 (patch)
tree: 6e03e2509132da436977330cce61100a388050a3
parent: babd55e25f6d00fc59e8952a9a8b56b6de93fabe (diff)
download: curl-bagder/wolfssl-crl.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 20ce460e8..0f9d0c098 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -157,6 +157,7 @@ cyassl_connect_step1(struct connectdata *conn,
   struct ssl_connect_data* connssl = &conn->ssl[sockindex];
   SSL_METHOD* req_method = NULL;
   curl_socket_t sockfd = conn->sock[sockindex];
+  const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
 #ifdef HAVE_SNI
   bool sni = FALSE;
 #define use_sni(x)  sni = (x)
@@ -403,6 +404,14 @@ cyassl_connect_step1(struct connectdata *conn,
     return CURLE_OUT_OF_MEMORY;
   }
 
+  if(ssl_crlfile) {
+    if(wolfSSL_LoadCRL(BACKEND->handle, ssl_crlfile, SSL_FILETYPE_PEM, 0) !=
+       SSL_SUCCESS) {
+      failf(data, "Error reading CRL file %s", ssl_crlfile);
+      return CURLE_SSL_CRL_BADFILE;
+    }
+  }
+
 #ifdef HAVE_ALPN
   if(conn->bits.tls_enable_alpn) {
     char protocols[128];
@@ -541,6 +550,10 @@ cyassl_connect_step2(struct connectdata *conn,
       }
     }
 #endif
+    else if(-362 == detail) { /* CRL_MISSING */
+      failf(data, "CRL file missing!");
+      return CURLE_SSL_CRL_BADFILE;
+    }
     else {
       failf(data, "SSL_connect failed with error %d: %s", detail,
           ERR_error_string(detail, error_buffer));
author	Daniel Stenberg <daniel@haxx.se>	2018-05-05 00:32:09 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2018-05-05 00:32:09 +0200
commit	d4ca1bc2f8313064f0455c93fcd32ccdb7aafa62 (patch)
tree	6e03e2509132da436977330cce61100a388050a3
parent	babd55e25f6d00fc59e8952a9a8b56b6de93fabe (diff)
download	curl-bagder/wolfssl-crl.tar.gz