Handle missing CRL parsing gracefully

This commit is contained in:
Paul Bakker 2014-06-12 23:22:26 +02:00
parent 9b7fb6f68e
commit 8880cb52f7

View File

@ -175,7 +175,13 @@ int main( int argc, char *argv[] )
server_fd = 0;
x509_crt_init( &cacert );
x509_crt_init( &clicert );
#if defined(POLARSSL_X509_CRL_PARSE_C)
x509_crl_init( &cacrl );
#else
/* Zeroize structure as CRL parsing is not supported and we have to pass
it to the verify function */
memset( &cacrl, 0, sizeof(x509_crl) );
#endif
pk_init( &pkey );
if( argc == 0 )
@ -274,18 +280,19 @@ int main( int argc, char *argv[] )
printf( " ok (%d skipped)\n", ret );
#if defined(POLARSSL_X509_CRL_PARSE_C)
if( strlen( opt.crl_file ) )
{
ret = x509_crl_parse_file( &cacrl, opt.crl_file );
verify = 1;
}
if( ret < 0 )
if( ( ret = x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
{
printf( " failed\n ! x509_crl_parse returned -0x%x\n\n", -ret );
goto exit;
}
verify = 1;
}
#endif
if( opt.mode == MODE_FILE )
{
x509_crt crt;
@ -473,7 +480,9 @@ exit:
net_close( server_fd );
x509_crt_free( &cacert );
x509_crt_free( &clicert );
#if defined(POLARSSL_X509_CRL_PARSE_C)
x509_crl_free( &cacrl );
#endif
pk_free( &pkey );
entropy_free( &entropy );