From 4569b6ab4a62e18c4d1573c5f52a29df93cc81a5 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 2 Aug 2016 16:57:55 -0700
Subject: [PATCH] Added CRL check example.
---
 certmanager/certverify.c | 61 +++++++++++++++++++++++++++++++++++-----
 1 file changed, 54 insertions(+), 7 deletions(-)
diff --git a/certmanager/certverify.c b/certmanager/certverify.c
index 544529f2..b9df5ab5 100644
--- a/certmanager/certverify.c
+++ b/certmanager/certverify.c
@@ -32,6 +32,15 @@ int main(void)
 const char* caCert = "../certs/ca-cert.pem";
 const char* verifyCert = "../certs/server-cert.pem";
+#ifdef HAVE_CRL
+
+ const char* crlPem = "../certs/crl/crl.pem";
+ const char* caCertDer = "../certs/ca-cert.der";
+ FILE* file;
+ byte buf[4096];
+ int bufSz;
+#endif
+
 cm = wolfSSL_CertManagerNew();
 if (cm == NULL) {
 printf("wolfSSL_CertManagerNew() failed\n");
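Review bot: `bufSz` is declared `int` here, but in the next hunk it receives the `size_t` result of `fread()` into the fixed `byte buf[4096]`, and nothing there tells a read error, an empty file or a file longer than the buffer apart from a good read. A CRL or certificate cut off at 4096 bytes would then be handed to the parser as if it were complete, so the example should reject those cases after each `fclose(file);`, for instance `if (bufSz <= 0 || bufSz == (int)sizeof(buf)) { ret = -1; goto exit; }`. A one-line comment on `buf` saying that it bounds the largest CRL or certificate the example accepts would also help. The declarations sit inside `main()`, whose body starts before and continues past this hunk.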
@@ -41,18 +50,56 @@ int main(void)
 ret = wolfSSL_CertManagerLoadCA(cm, caCert, 0);
 if (ret != SSL_SUCCESS) {
 printf("wolfSSL_CertManagerLoadCA() failed (%d): %s\n",
- ret, wc_GetErrorString(ret));
- wolfSSL_CertManagerFree(cm);
- return -1;
+ ret, wolfSSL_ERR_reason_error_string(ret));
+ ret = -1; goto exit;
 }
 ret = wolfSSL_CertManagerVerify(cm, verifyCert, SSL_FILETYPE_PEM);
 if (ret != SSL_SUCCESS) {
 printf("wolfSSL_CertManagerVerify() failed (%d): %s\n",
- ret, wc_GetErrorString(ret));
- wolfSSL_CertManagerFree(cm);
- return -1;
+ ret, wolfSSL_ERR_reason_error_string(ret));
+ ret = -1; goto exit;
 }
 printf("Verification Successful!\n");
-}
+#ifdef HAVE_CRL
+ file = fopen(crlPem, "rb");
+ if (file == NULL) {
+ ret = -1; goto exit;
+ }
+
+ bufSz = fread(buf, 1, sizeof(buf), file);
+ fclose(file);
+
+ ret = wolfSSL_CertManagerLoadCRLBuffer(cm, buf, bufSz, SSL_FILETYPE_PEM);
+ if (ret != SSL_SUCCESS) {
+ printf("wolfSSL_CertManagerLoadCRLBuffer() failed (%d): %s\n",
+ ret, wolfSSL_ERR_reason_error_string(ret));
+ ret = -1; goto exit;
+ }
+
+
+ file = fopen(caCertDer, "rb");
+ if (file == NULL) {
+ ret = -1; goto exit;
+ }
+
+ bufSz = fread(buf, 1, sizeof(buf), file);
+ fclose(file);
+
+ ret = wolfSSL_CertManagerCheckCRL(cm, buf, bufSz);
+ if (ret != SSL_SUCCESS) {
+ printf("wolfSSL_CertManagerCheckCRL() failed (%d): %s\n",
+ ret, wolfSSL_ERR_reason_error_string(ret));
+ ret = -1; goto exit;
+ }
+
+ printf("CRL Verification Successful!\n");
+#endif
+
+exit:
+ if (cm) {
+ wolfSSL_CertManagerFree(cm);
+ }
+ return ret;
+}
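Review bot: The revocation check at the end of this hunk is run on `caCertDer` (../certs/ca-cert.der), not on the certificate that was just verified (`verifyCert`, server-cert.pem), so "CRL Verification Successful!" says nothing about whether the server certificate is revoked. An example meant to be copied should pass the DER form of the certificate under test to `wolfSSL_CertManagerCheckCRL()`. The CRL is also loaded only after `wolfSSL_CertManagerVerify()` has returned, so that earlier verification ran without it. Separately, on the success path `ret` still holds `SSL_SUCCESS` (non-zero in wolfSSL) when control reaches `exit:`, so `return ret;` reports failure to the shell; adding `ret = 0;` just before the label would fix that. The two `fopen()` failure branches jump to `exit` without printing anything, unlike the other error paths.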