author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-05-25 23:44:15 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-05-26 00:48:49 +0200 |
commit | 16b03a96fa864e1bba5c28f1a1bd6846163ac6b2 (patch) | |
tree | d5d2f0480515a4b6f113e27db8fff3cf0b8af9cd /lib | |
parent | d869e863c32d685d7e795616db4e6e6bf4fa1d22 (diff) | |
download | gnutls-16b03a96fa864e1bba5c28f1a1bd6846163ac6b2.tar.gz |
Added the notion of a default CRL file.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gnutls_x509.c | 28 | ||||
-rw-r--r-- | lib/x509/verify-high2.c | 9 |
2 files changed, 33 insertions, 4 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 4f15ea17bb..0dc0aa746f 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1592,7 +1592,7 @@ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t cred,
 static int
 set_x509_system_trust_file (gnutls_certificate_credentials_t cred)
 {
- int ret;
+ int ret, r;
 gnutls_datum_t cas;
 size_t size;
@@ -1612,9 +1612,33 @@ set_x509_system_trust_file (gnutls_certificate_credentials_t cred)
 if (ret < 0)
 {
 gnutls_assert ();
+ return ret;
 }
+
+ r = ret;
- return ret;
+#ifdef DEFAULT_CRL_FILE
+ cas.data = (void*)read_binary_file (DEFAULT_CRL_FILE, &size);
+ if (cas.data == NULL)
+ {
+ gnutls_assert ();
+ return r;
+ }
+
+ cas.size = size;
+
+ ret = gnutls_certificate_set_x509_crl_mem(cred, &cas, GNUTLS_X509_FMT_PEM);
+
+ free (cas.data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+#endif
+
+ return r;
 }
 #endif
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index d6c9991bf3..dad3f6d0e1 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -233,16 +233,21 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
 unsigned int tl_flags, unsigned int tl_vflags)
 {
 int ret, r = 0;
+ const char* crl_file = NULL;
+
+#ifdef DEFAULT_CRL_FILE
+ crl_file = DEFAULT_CRL_FILE;
+#endif
 #if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
- ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_PKCS11, NULL,
+ ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_PKCS11, crl_file,
 GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
 if (ret > 0)
 r += ret;
 #endif
 #ifdef DEFAULT_TRUST_STORE_FILE
- ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_FILE, NULL,
+ ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_FILE, crl_file,
 GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags);
 if (ret > 0)
 r += ret; |
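Review bot: In the second hunk of lib/gnutls_x509.c the two failure paths for DEFAULT_CRL_FILE disagree: when `read_binary_file` returns NULL the function returns `r` (success, the CA count) after only `gnutls_assert ()`, but when `gnutls_certificate_set_x509_crl_mem` fails it returns the negative `ret` even though the CAs were already added to `cred`. The first path means a build configured with a default CRL file can end up with trust anchors and no revocation data, and the caller cannot tell the difference from the return value. If best-effort loading is intended, state it above the `#ifdef`, e.g. `/* CRLs are optional: an unreadable DEFAULT_CRL_FILE is not treated as an error */`, and make the parse-failure branch `return r;` as well; otherwise both branches should report an error. The start of set_x509_system_trust_file lies outside this hunk.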
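Review bot: In lib/x509/verify-high2.c `crl_file` is handed to both `gnutls_x509_trust_list_add_trust_file` calls, yet the PKCS #11 call carries `GNUTLS_X509_FMT_DER` and the file call `GNUTLS_X509_FMT_PEM`, while lib/gnutls_x509.c in this same commit loads DEFAULT_CRL_FILE as PEM. If the format argument also governs how the CRL file is parsed (the callee is not visible here), the first call would try to read a PEM CRL as DER, and with both stores compiled in the same CRLs would be loaded twice and possibly counted twice in `r`. Passing `crl_file` to only one of the calls, or loading the CRL once in a separate step with the PEM format, would avoid both. A negative `ret` is discarded by `if (ret > 0)`, so a failure caused by the CRL file would not reach the caller. The function body continues past the end of the hunk.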