- fixed - TLS: CRL is ignored

hal/tls/mbedtls/mbedtls_config.h

@@ -4,6 +4,7 @@
 /* System support */
 #define MBEDTLS_HAVE_ASM
 #define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_TIME_DATE
 #define MBEDTLS_NO_UDBL_DIVISION
 #define MBEDTLS_PLATFORM_C
 #define MBEDTLS_DEBUG_C
@@ -56,6 +57,9 @@
 /* For testing with compat.sh */
 #define MBEDTLS_FS_IO
 
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
 #include "mbedtls/check_config.h"
 
 #endif /* MBEDTLS_CONFIG_H */

hal/tls/mbedtls/tls_mbedtls.c

@@ -164,7 +164,7 @@ static bool
 TLSConfiguration_setupComplete(TLSConfiguration self)
 {
     if (self->setupComplete == false) {
-        mbedtls_ssl_conf_ca_chain( &(self->conf), &(self->cacerts), NULL );
+        mbedtls_ssl_conf_ca_chain( &(self->conf), &(self->cacerts), &(self->crl) );
 
         int ret = mbedtls_ssl_conf_own_cert( &(self->conf), &(self->ownCertificate), &(self->ownKey));
 
@@ -488,7 +488,7 @@ TLSSocket_create(Socket socket, TLSConfiguration configuration, bool storeClient
 
         int ret;
 
-        mbedtls_ssl_conf_ca_chain( &(self->conf), &(configuration->cacerts), NULL );
+        mbedtls_ssl_conf_ca_chain( &(self->conf), &(configuration->cacerts), &(configuration->crl) );
 
         if (configuration->minVersion != TLS_VERSION_NOT_SELECTED) {
             /* set minimum TLS version */