diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index bdf1d49f0..c1a9d5f05 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -10012,6 +10012,85 @@ int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
 int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
 CbMissingCRL cb);
 
+/*!
+ \ingroup CertManager
+ \brief This function sets the CRL Update callback. If
+ HAVE_CRL and HAVE_CRL_UPDATE_CB is defined , and an entry with the same
+ issuer and a lower CRL number exists when a CRL is added, then the
+ CbUpdateCRL is called with the details of the existing entry and the
+ new one replacing it.
+
+ \return SSL_SUCCESS returned upon successful execution of the function and
+ subroutines.
+ \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
+
+ \param cm the WOLFSSL_CERT_MANAGER structure holding the information for
+ the certificate.
+ \param cb a function pointer to (*CbUpdateCRL) that is set to the
+ cbUpdateCRL member of the WOLFSSL_CERT_MANAGER.
+ Signature requirement:
+ void (*CbUpdateCRL)(CrlInfo *old, CrlInfo *new);
+
+ _Example_
+ \code
+ #include
+
+ WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
+ WOLFSSL* ssl = wolfSSL_new(ctx);
+ …
+ void cb(CrlInfo *old, CrlInfo *new){
+ Function body.
+ }
+ …
+ CbUpdateCRL cb = CbUpdateCRL;
+ …
+ if(ctx){
+ return wolfSSL_CertManagerSetCRLUpdate_Cb(SSL_CM(ssl), cb);
+ }
+ \endcode
+
+ \sa CbUpdateCRL
+*/
+int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm,
+ CbUpdateCRL cb);
+
+/*!
+ \ingroup CertManager
+ \brief This function yields a structure with parsed CRL information from
+ an encoded CRL buffer.
+
+ \return SSL_SUCCESS returned upon successful execution of the function and
+ subroutines.
+ \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
+
+ \param cm the WOLFSSL_CERT_MANAGER structure..
+ \param info pointer to caller managed CrlInfo structure that will receive
+ the CRL information.
+ \param buff input buffer containing encoded CRL.
+ \param sz the length in bytes of the input CRL data in buff.
+ \param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_DER
+
+ _Example_
+ \code
+ #include
+
+ CrlInfo info;
+ WOLFSSL_CERT_MANAGER* cm = NULL;
+
+ cm = wolfSSL_CertManagerNew();
+
+ // Read crl data from file into buffer
+
+ wolfSSL_CertManagerGetCRLInfo(cm, &info, crlData, crlDataLen,
+ WOLFSSL_FILETYPE_PEM);
+ \endcode
+
+ \sa CbUpdateCRL
+ \sa wolfSSL_SetCRL_Cb
+*/
+int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
+ const byte* buff, long sz, int type)
+
 /*!
 \ingroup CertManager
 \brief This function frees the CRL stored in the Cert Manager. An
diff --git a/src/crl.c b/src/crl.c
index e0b443ecf..e4ec5585e 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -560,7 +560,8 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
 }
 
 #ifdef HAVE_CRL_UPDATE_CB
-static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info) {
+static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info)
+{
 info->issuerHash = (byte *)entry->issuerHash;
 info->issuerHashLen = CRL_DIGEST_SIZE;
 info->lastDate = (byte *)entry->lastDate;
@@ -572,7 +573,8 @@ static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info) {
 info->crlNumber = (sword32)entry->crlNumber;
 }
 
-static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info) {
+static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
+{
 info->issuerHash = (byte *)entry->issuerHash;
 info->issuerHashLen = SIGNER_DIGEST_SIZE;
 info->lastDate = (byte *)entry->lastDate;
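Review bot: In the doc/dox_comments/header_files/ssl.h hunk, the new documentation for wolfSSL_CertManagerGetCRLInfo does not say how long the pointer members of the filled-in CrlInfo remain valid. The src/crl.c context lines in this same commit show SetCrlInfo and SetCrlInfoFromDecoded storing `info->issuerHash = (byte *)entry->issuerHash;` and `info->lastDate = (byte *)entry->lastDate;`, which are borrowed pointers into the entry rather than copies. A caller that keeps `info` after the underlying decoded CRL is released would then read freed memory, though whether that release happens before the function returns is not visible here. I would extend the `\param info` text with a sentence such as `The pointer members reference library-owned data and are valid only until <lifetime guaranteed by the implementation>; copy anything needed beyond that.`, and add the same caveat for the `old`/`new` arguments in the CbUpdateCRL description. Separately, the added prototype ending in `const byte* buff, long sz, int type)` has no terminating `;` before the next `/*!` block.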