From 29a4f498f9ba23663b1aab02b3c89489eaf89675 Mon Sep 17 00:00:00 2001 From: Federico Pellegrin Date: Sun, 11 Dec 2022 05:53:24 +0100 Subject: [PATCH] tls: add method to reset used CRL (certificate revocation list) Add a method to be able to reset the CRL, otherwise any previously added CRL will stay there until the object is totally destroyed. This proves to be needed for cases when we need to delete the CRL (ie. it expired) during the lifetime of the server.
---
 hal/inc/tls_config.h | 7 +++++++
 hal/tls/mbedtls/tls_mbedtls.c | 8 ++++++++
 2 files changed, 15 insertions(+)
diff --git a/hal/inc/tls_config.h b/hal/inc/tls_config.h
index 9a456752..931a530c 100644
--- a/hal/inc/tls_config.h
+++ b/hal/inc/tls_config.h
@@ -296,6 +296,13 @@ TLSConfiguration_addCRL(TLSConfiguration self, uint8_t* crl, int crlLen);
 PAL_API bool
 TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename);
 
+/**
+ * \brief Removes any CRL (certificate revocation list) currently in use
+ *
+ */
+PAL_API void
+TLSConfiguration_resetCRL(TLSConfiguration self);
+
 /**
 * Release all resource allocated by the TLSConfiguration instance
 *
diff --git a/hal/tls/mbedtls/tls_mbedtls.c b/hal/tls/mbedtls/tls_mbedtls.c
index f7d7127e..30a9ac19 100644
--- a/hal/tls/mbedtls/tls_mbedtls.c
+++ b/hal/tls/mbedtls/tls_mbedtls.c
@@ -475,6 +475,14 @@ TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename)
 return (ret == 0);
 }
 
+void
+TLSConfiguration_resetCRL(TLSConfiguration self)
+{
+ mbedtls_x509_crl_free(&(self->crl));
+ mbedtls_x509_crl_init(&(self->crl));
+ self->crlUpdated = Hal_getTimeInMs();
+}
+
 void
 TLSConfiguration_setRenegotiationTime(TLSConfiguration self, int timeInMs)
 {
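Review bot: The doc comment added above `TLSConfiguration_resetCRL` in hal/inc/tls_config.h does not say that, once the call returns, the configuration holds no revocation list at all, so certificates that the removed CRL had revoked would presumably pass verification again until a new CRL is added. I would state that in the comment, for example `* \note After this call no revocation checking takes place until a new CRL is added with TLSConfiguration_addCRL or TLSConfiguration_addCRLFromFile`, and add `* \param self the TLS configuration instance`. The comment could also say whether connections that are already established are affected, which the visible lines do not show.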
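Review bot: `mbedtls_x509_crl_free(&(self->crl));` in `TLSConfiguration_resetCRL` (hal/tls/mbedtls/tls_mbedtls.c) releases the list in place, and the hunk shows no lock or in-use check around it. If a connection on another thread is verifying a peer certificate against `self->crl` at that moment it could read freed memory; whether that can happen depends on code outside this hunk. If the function is only safe while no handshake is running, say so above it, e.g. `/* caller must ensure no TLS handshake is using this configuration while the CRL is reset */`, or take the lock the connection code uses, if there is one.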