From 9ddb10faea23e2d2ef8772868295d9c892fcd8b7 Mon Sep 17 00:00:00 2001
From: Federico Pellegrin
Date: Sun, 11 Dec 2022 05:53:24 +0100
Subject: [PATCH] tls: add method to reset used CRL (certificate revocation list)

Add a method to be able to reset the CRL, otherwise any previously added CRL will stay there until the object is totally destroyed. This proves to be needed for cases when we need to delete the CRL (ie. it expired) during the lifetime of the server.
---
 hal/inc/tls_config.h | 7 +++++++
 hal/tls/mbedtls/tls_mbedtls.c | 8 ++++++++
 2 files changed, 15 insertions(+)

diff --git a/hal/inc/tls_config.h b/hal/inc/tls_config.h
index f4333ca6..01e6d524 100644
--- a/hal/inc/tls_config.h
+++ b/hal/inc/tls_config.h
@@ -296,6 +296,13 @@ TLSConfiguration_addCRL(TLSConfiguration self, uint8_t* crl, int crlLen);
 PAL_API bool
 TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename);
 
+/**
+ * \brief Removes any CRL (certificate revocation list) currently in use
+ *
+ */
+PAL_API void
+TLSConfiguration_resetCRL(TLSConfiguration self);
+
 /**
 * Release all resource allocated by the TLSConfiguration instance
 *
diff --git a/hal/tls/mbedtls/tls_mbedtls.c b/hal/tls/mbedtls/tls_mbedtls.c
index f7d7127e..30a9ac19 100644
--- a/hal/tls/mbedtls/tls_mbedtls.c
+++ b/hal/tls/mbedtls/tls_mbedtls.c
@@ -475,6 +475,14 @@ TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename)
 return (ret == 0);
 }
 
+void
+TLSConfiguration_resetCRL(TLSConfiguration self)
+{
+ mbedtls_x509_crl_free(&(self->crl));
+ mbedtls_x509_crl_init(&(self->crl));
+ self->crlUpdated = Hal_getTimeInMs();
+}
+
 void
 TLSConfiguration_setRenegotiationTime(TLSConfiguration self, int timeInMs)
 {
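Review bot: The doc comment added for `TLSConfiguration_resetCRL` in hal/inc/tls_config.h does not say what the reset means for certificate validation, which is the part a caller most needs to know. The implementation hunk in this patch frees the list and re-initialises it to empty, so until a new CRL is loaded, certificates that were listed as revoked would presumably no longer be rejected on that ground. I would add `\param self the TLSConfiguration instance` and a sentence such as `After this call no revocation list is applied until a new CRL is added with TLSConfiguration_addCRL or TLSConfiguration_addCRLFromFile.` The comment should also state whether connections that are already established are affected, since nothing in the header says.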
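Review bot: `mbedtls_x509_crl_free(&(self->crl))` in the new `TLSConfiguration_resetCRL` releases the CRL entries in place, and nothing in this hunk stops a handshake on another thread from walking that list while it is being freed. The commit message says the reset is meant to run during the lifetime of the server, so if this configuration is shared with connection threads (not visible here) the call needs the same serialisation as certificate verification, or at least a documented rule. A comment such as `/* must not run while a handshake is verifying against this configuration: the CRL entries are freed in place */` would make the requirement explicit. `self` is also dereferenced without a NULL check; whether that matches the neighbouring setters cannot be told from the hunk.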