
Commit 9e34ed9

Merge pull request #6927 from dgarske/crl_no_date
Add build option for disabling CRL date check
2 parents 21f34ef + cdef51f commit 9e34ed9

1 file changed

Lines changed: 6 additions & 4 deletions


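--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -70,6 +70,8 @@ ASN Options:
 * WOLFSSL_NO_OCSP_DATE_CHECK: Disable date checks for OCSP responses. This
 may be required when the system's real-time clock is not very accurate.
 It is recommended to enforce the nonce check instead if possible.
+* WOLFSSL_NO_CRL_DATE_CHECK: Disable date checks for CRL's.
+* WOLFSSL_NO_CRL_NEXT_DATE: Do not fail if CRL next date is missing
 * WOLFSSL_FORCE_OCSP_NONCE_CHECK: Require nonces to be available in OCSP
 responses. The nonces are optional and may not be supported by all
 responders. If it can be ensured that the used responder sends nonces this
@@ -36667,7 +36669,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
 if (doNextDate)
 #endif
 {
-#ifndef NO_ASN_TIME
+#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
 if (verify != NO_VERIFY &&
 !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
 WOLFSSL_MSG("CRL after date is no longer valid");
@@ -37197,7 +37199,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
 dcrl->nextDateFormat = (dataASN[CRLASN_IDX_TBS_NEXTUPDATE_UTC].tag != 0)
 ? dataASN[CRLASN_IDX_TBS_NEXTUPDATE_UTC].tag
 : dataASN[CRLASN_IDX_TBS_NEXTUPDATE_GT].tag;
-#ifndef NO_ASN_TIME
+#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
 if (dcrl->nextDateFormat != 0) {
 /* Next date was set, so validate it. */
 if (verify != NO_VERIFY &&
@@ -37208,8 +37210,8 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
 }
 }
 }
-if (ret == 0) {
-#endif
+if (ret == 0) { /* in "no time" cases above "ret" is not set */
+#endif /* !NO_ASN_TIME && !WOLFSSL_NO_CRL_DATE_CHECK */
 #ifdef OPENSSL_EXTRA
 /* Parse and store the issuer name. */
 dcrl->issuerSz = GetASNItem_Length(dataASN[CRLASN_IDX_TBS_ISSUER],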
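Review bot: The description added for `WOLFSSL_NO_CRL_DATE_CHECK` in the options comment (new line 73) does not state what is lost when it is set, unlike the OCSP entry above it, which at least points to the nonce check as the alternative. With the `XVALIDATE_DATE(..., AFTER)` test compiled out in both `ParseCRL_CertList` and `ParseCRL`, a CRL whose next-update time has passed is accepted, so revocations published after that CRL was issued go unnoticed and a stale CRL cannot be told from a current one. I would word the entry as `* WOLFSSL_NO_CRL_DATE_CHECK: Disable the CRL next-update expiry check. Expired CRLs are then accepted and newer revocations can be missed; use only when no reliable clock is available.` The visible hunks gate only the next-date check, so "date checks" may be broader than what the macro does; both function bodies continue outside the hunks, so this should be confirmed against the full file.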
