Added CRL check example.

2016-08-02 16:57:55 -07:00 · 2016-08-02 16:57:55 -07:00 · 4569b6ab4a
parent a50b79a018
commit 4569b6ab4a
1 changed files with 54 additions and 7 deletions
--- a/certmanager/certverify.c
+++ b/certmanager/certverify.c
@ -32,6 +32,15 @@ int main(void)
    const char* caCert     = "../certs/ca-cert.pem";
    const char* verifyCert = "../certs/server-cert.pem";

+#ifdef HAVE_CRL
+    
+    const char* crlPem     = "../certs/crl/crl.pem";
+    const char* caCertDer  = "../certs/ca-cert.der";
+    FILE* file;
+    byte buf[4096];
+    int bufSz;
+#endif
+
    cm = wolfSSL_CertManagerNew();
    if (cm == NULL) {
        printf("wolfSSL_CertManagerNew() failed\n");
@ -41,18 +50,56 @@ int main(void)
    ret = wolfSSL_CertManagerLoadCA(cm, caCert, 0);
    if (ret != SSL_SUCCESS) {
        printf("wolfSSL_CertManagerLoadCA() failed (%d): %s\n",
-                ret, wc_GetErrorString(ret));
-        wolfSSL_CertManagerFree(cm);
-        return -1;
+                ret, wolfSSL_ERR_reason_error_string(ret));
+        ret = -1; goto exit;
    }

    ret = wolfSSL_CertManagerVerify(cm, verifyCert, SSL_FILETYPE_PEM);
    if (ret != SSL_SUCCESS) {
        printf("wolfSSL_CertManagerVerify() failed (%d): %s\n",
-                ret, wc_GetErrorString(ret));
-        wolfSSL_CertManagerFree(cm);
-        return -1;
+                ret, wolfSSL_ERR_reason_error_string(ret));
+        ret = -1; goto exit;
    }
    printf("Verification Successful!\n");
+
+#ifdef HAVE_CRL
+    file = fopen(crlPem, "rb");
+    if (file == NULL) {
+        ret = -1; goto exit;
    }

+    bufSz = fread(buf, 1, sizeof(buf), file);
+    fclose(file);
+
+    ret = wolfSSL_CertManagerLoadCRLBuffer(cm, buf, bufSz, SSL_FILETYPE_PEM);
+    if (ret != SSL_SUCCESS) {
+        printf("wolfSSL_CertManagerLoadCRLBuffer() failed (%d): %s\n",
+            ret, wolfSSL_ERR_reason_error_string(ret));
+        ret = -1; goto exit;
+    }
+
+
+    file = fopen(caCertDer, "rb");
+    if (file == NULL) {
+        ret = -1; goto exit;
+    }
+
+    bufSz = fread(buf, 1, sizeof(buf), file);
+    fclose(file);
+
+    ret = wolfSSL_CertManagerCheckCRL(cm, buf, bufSz);
+    if (ret != SSL_SUCCESS) {
+        printf("wolfSSL_CertManagerCheckCRL() failed (%d): %s\n",
+            ret, wolfSSL_ERR_reason_error_string(ret));
+        ret = -1; goto exit;
+    }
+
+    printf("CRL Verification Successful!\n");
+#endif
+
+exit:
+    if (cm) {
+        wolfSSL_CertManagerFree(cm);
+    }
+    return ret;
+}