tls: add method to reset used CRL (certificate revocation list)

Add a method to be able to reset the CRL, otherwise any previously added CRL will stay there until the object is totally destroyed. This proves to be needed for cases when we need to delete the CRL (ie. it expired) during the lifetime of the server.
3 years ago · 29a4f498f9
parent ba18d18c8d
commit 29a4f498f9
2 changed files with 15 additions and 0 deletions
--- a/hal/inc/tls_config.h
+++ b/hal/inc/tls_config.h
@ -296,6 +296,13 @@ TLSConfiguration_addCRL(TLSConfiguration self, uint8_t* crl, int crlLen);
 PAL_API bool
 TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename);

+/**
+ * \brief Removes any CRL (certificate revocation list) currently in use
+ *
+ */
+PAL_API void
+TLSConfiguration_resetCRL(TLSConfiguration self);
+
 /**
 * Release all resource allocated by the TLSConfiguration instance
 *
--- a/hal/tls/mbedtls/tls_mbedtls.c
+++ b/hal/tls/mbedtls/tls_mbedtls.c
@ -475,6 +475,14 @@ TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename)
    return (ret == 0);
 }

+void
+TLSConfiguration_resetCRL(TLSConfiguration self)
+{
+    mbedtls_x509_crl_free(&(self->crl));
+    mbedtls_x509_crl_init(&(self->crl));
+    self->crlUpdated = Hal_getTimeInMs();
+}
+
 void
 TLSConfiguration_setRenegotiationTime(TLSConfiguration self, int timeInMs)
 {