OCSP/CRL

Added comments for the usage of OCSP_WANT_READ used with the CRL I/O callback.
2022-11-23 16:35:10 -08:00 · 2022-11-23 16:35:10 -08:00 · 88f3570fe4
parent 909fd726cd
commit 88f3570fe4
1 changed files with 8 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -13482,6 +13482,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                ret = CheckCertCRL(SSL_CM(ssl)->crl,
                                        args->dCert);
                            #ifdef WOLFSSL_NONBLOCK_OCSP
+                                /* The CRL lookup I/O callback is using the
+                                 * same WOULD_BLOCK error code as OCSP's I/O
+                                 * callback, and it is enabling it using the
+                                 * same flag. */
                                if (ret == OCSP_WANT_READ) {
                                    args->lastErr = ret;
                                    goto exit_ppc;
@ -13852,6 +13856,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                        WOLFSSL_MSG("Doing Leaf CRL check");
                        ret = CheckCertCRL(SSL_CM(ssl)->crl, args->dCert);
                    #ifdef WOLFSSL_NONBLOCK_OCSP
+                        /* The CRL lookup I/O callback is using the
+                         * same WOULD_BLOCK error code as OCSP's I/O
+                         * callback, and it is enabling it using the
+                         * same flag. */
                        if (ret == OCSP_WANT_READ) {
                            goto exit_ppc;
                        }