SwitchEmu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-03-10 16:26:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Always revoke certificate on CRL

Browse Source 
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
This commit is contained in:
Raoul Strackx
2020-06-15 17:03:13 +02:00
parent 14cb46de24
commit 75475d8465
9 changed files with 66 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/data_files/test-ca.server1.future-crl.db Normal file
View File

@@ -0,0 +1,2 @@
R 210212144406Z 290101124407Z 01 unknown /C=NL/O=PolarSSL/CN=PolarSSL Server 1
R 210212144400Z 290101124407Z 03 unknown /C=NL/O=PolarSSL/CN=PolarSSL Test CA