
Commit cdef51f

committed
Add build option for disabling CRL date check (WOLFSSL_NO_CRL_DATE_CHECK). ZD 16675
1 parent 37884f8 commit cdef51f

1 file changed

Lines changed: 6 additions & 4 deletions


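--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -70,6 +70,8 @@ ASN Options:
 * WOLFSSL_NO_OCSP_DATE_CHECK: Disable date checks for OCSP responses. This
 may be required when the system's real-time clock is not very accurate.
 It is recommended to enforce the nonce check instead if possible.
+* WOLFSSL_NO_CRL_DATE_CHECK: Disable date checks for CRL's.
+* WOLFSSL_NO_CRL_NEXT_DATE: Do not fail if CRL next date is missing
 * WOLFSSL_FORCE_OCSP_NONCE_CHECK: Require nonces to be available in OCSP
 responses. The nonces are optional and may not be supported by all
 responders. If it can be ensured that the used responder sends nonces this
@@ -36661,7 +36663,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
 if (doNextDate)
 #endif
 {
-#ifndef NO_ASN_TIME
+#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
 if (verify != NO_VERIFY &&
 !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
 WOLFSSL_MSG("CRL after date is no longer valid");
@@ -37191,7 +37193,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
 dcrl->nextDateFormat = (dataASN[CRLASN_IDX_TBS_NEXTUPDATE_UTC].tag != 0)
 ? dataASN[CRLASN_IDX_TBS_NEXTUPDATE_UTC].tag
 : dataASN[CRLASN_IDX_TBS_NEXTUPDATE_GT].tag;
-#ifndef NO_ASN_TIME
+#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
 if (dcrl->nextDateFormat != 0) {
 /* Next date was set, so validate it. */
 if (verify != NO_VERIFY &&
@@ -37202,8 +37204,8 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
 }
 }
 }
-if (ret == 0) {
-#endif
+if (ret == 0) { /* in "no time" cases above "ret" is not set */
+#endif /* !NO_ASN_TIME && !WOLFSSL_NO_CRL_DATE_CHECK */
 #ifdef OPENSSL_EXTRA
 /* Parse and store the issuer name. */
 dcrl->issuerSz = GetASNItem_Length(dataASN[CRLASN_IDX_TBS_ISSUER],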
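Review bot: The new entry in the ASN Options header, `* WOLFSSL_NO_CRL_DATE_CHECK: Disable date checks for CRL's.`, does not say which check is switched off or what that costs, unlike the WOLFSSL_NO_OCSP_DATE_CHECK entry just above it. In the visible hunks the macro compiles out the `XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)` test in both ParseCRL_CertList and ParseCRL even when `verify != NO_VERIFY`, so a CRL past its next-update time is no longer rejected at those points and revocations published after that CRL can go unnoticed. I would spell that out in the option text, for example `* WOLFSSL_NO_CRL_DATE_CHECK: Skip the CRL nextUpdate expiry check. Expired (stale) CRLs are then accepted, so newer revocations can be missed; use only when no reliable clock is available.` Both function bodies continue outside the hunks, so whether any other CRL date comparison remains active with this option set cannot be confirmed from here.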
