From ec755f8dd9c346135e314a9d57dcb7f33df9d984 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Fri, 24 Apr 2020 15:31:18 -0500
Subject: [PATCH] Override CRL error for NO_VERIFY

---
 src/internal.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 7906c4c77..bb5067f1d 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -10837,6 +10837,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
                     /* Do verify callback */
                     ret = DoVerifyCallback(ssl->ctx->cm, ssl, ret, args);
+                    if (ssl->options.verifyNone &&
+                              (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
+                        WOLFSSL_MSG("Ignoring CRL problem based on verify setting");
+                        ret = ssl->error = 0;
+                    }
 
                 #ifdef WOLFSSL_ALT_CERT_CHAINS
                     /* For alternate cert chain, its okay for a CA cert to fail