CRL refactor

- CheckCertCRLList: check all entries in case a single issuer has multiple CRL's loaded
- test_multiple_crls_same_issuer: testing two different certificates forcing the client to check both CRL's from the same issuer
- CRL_Entry
  - use a lock instead of a mutex to allow multiple threads to access the same list simultaneously
  - add a verifyMutex when doing verification so that we don't have to release the crlLock
- Add allocation and free functions for CRL_Entry
- DupCRL_Entry: simplify copying by copying all static fields in one memcpy

Author: julek-wolfssl

certs/crl/extra-crls/general-server-crl.pem

@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
+MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMDgyMjE3NDgzNloX
+DTI2MDUxODE3NDgzNlowFDASAgEBFw0yMzA4MjIxNzQ4MjlaoA4wDDAKBgNVHRQE
+AwIBAzANBgkqhkiG9w0BAQsFAAOCAQEArb/WuyC0mGBJXNdWFACKd8t3xHP1ypbH
+IkRyTBXGgsb7zjCiwraMxNBwaypaDURv3uVBIjSF+toJYnEB2cCj8K6VBeMOeqz7
+9l7gsP9xy6LP2YosqiN1MuGZP8SxUxBX9RlHPXO4i85s2DKwdBftg0rXdXLbhafx
+m6F3+CIIG+J6BO6D9KOrfaNcLZOgY3LTF2Rc1Y9qH2CUNBgfGMalFt1c13MsP2Oa
+Z22HWuJbiLPdeyEsFNy/4ROshgB85kMwZWZQA0LnD5gedwRuaAmlFwSuayl3epwE
+v0SQy1Kcp6UbZFTELiIoCNC8y9hL56okbux/TtiukU6mQkvIQBidtQ==
+-----END X509 CRL-----

certs/crl/gencrls.sh

@@ -92,6 +92,18 @@ mv tmp crl.revoked
 #cp crl.revoked ~/wolfssl/certs/crl/crl.revoked
 
 
+# remove revoked so next time through the normal CA won't have server revoked
+cp blank.index.txt demoCA/index.txt
+
+# revoke the general server cert
+echo "Step 10"
+openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+check_result $?
+
+echo "Step 11"
+openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/general-server-crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+check_result $?
+
 # remove revoked so next time through the normal CA won't have server revoked
 cp blank.index.txt demoCA/index.txt
 
@@ -105,7 +117,7 @@ openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl
 check_result $?
 
 # metadata
-echo "Step 12"
+echo "Step 13"
 openssl crl -in caEccCrl.pem -text > tmp
 check_result $?
 mv tmp caEccCrl.pem
@@ -116,69 +128,69 @@ mv tmp caEccCrl.pem
 # server-revoked-cert.pem is already revoked in Step 10
 #openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 
-echo "Step 13"
+echo "Step 14"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 check_result $?
 
 # metadata
-echo "Step 14"
+echo "Step 15"
 openssl crl -in caEcc384Crl.pem -text > tmp
 check_result $?
 mv tmp caEcc384Crl.pem
 # install (only needed if working outside wolfssl)
 #cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem
 
 # cliCrl
-echo "Step 15"
+echo "Step 16"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
 check_result $?
 
 # metadata
-echo "Step 16"
+echo "Step 17"
 openssl crl -in cliCrl.pem -text > tmp
 check_result $?
 mv tmp cliCrl.pem
 # install (only needed if working outside wolfssl)
 #cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem
 
 # eccCliCRL
-echo "Step 17"
+echo "Step 18"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
 check_result $?
 
 # metadata
-echo "Step 18"
+echo "Step 19"
 openssl crl -in eccCliCRL.pem -text > tmp
 check_result $?
 mv tmp eccCliCRL.pem
 # install (only needed if working outside wolfssl)
 #cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem
 
 # eccSrvCRL
-echo "Step 19"
+echo "Step 20"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
 check_result $?
 
 # metadata
-echo "Step 20"
+echo "Step 21"
 openssl crl -in eccSrvCRL.pem -text > tmp
 check_result $?
 mv tmp eccSrvCRL.pem
 # install (only needed if working outside wolfssl)
 #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
 
 # caEccCrl
-echo "Step 21"
+echo "Step 22"
 openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
 check_result $?
 
 # ca-ecc384-cert
-echo "Step 22"
+echo "Step 23"
 openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 check_result $?
 
 # create crl and crl2 der files for unit test
-echo "Step 23"
+echo "Step 24"
 openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
 openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER