From 9f09152d7c3e037c9ae874a3225516f1b027ada3 Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Thu, 26 May 2022 13:34:13 +0200
Subject: [PATCH] - fixed - TLS: CRL is ignored
---
 hal/tls/mbedtls/mbedtls_config.h | 4 ++++
 hal/tls/mbedtls/tls_mbedtls.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/hal/tls/mbedtls/mbedtls_config.h b/hal/tls/mbedtls/mbedtls_config.h
index d9c0a21d..4cb77222 100644
--- a/hal/tls/mbedtls/mbedtls_config.h
+++ b/hal/tls/mbedtls/mbedtls_config.h
@@ -4,6 +4,7 @@
 /* System support */
 #define MBEDTLS_HAVE_ASM
 #define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_TIME_DATE
 #define MBEDTLS_NO_UDBL_DIVISION
 #define MBEDTLS_PLATFORM_C
 #define MBEDTLS_DEBUG_C
@@ -56,6 +57,9 @@
 /* For testing with compat.sh */
 #define MBEDTLS_FS_IO
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
 #include "mbedtls/check_config.h"
 #endif /* MBEDTLS_CONFIG_H */
diff --git a/hal/tls/mbedtls/tls_mbedtls.c b/hal/tls/mbedtls/tls_mbedtls.c
index 8acd533e..6603f08a 100644
--- a/hal/tls/mbedtls/tls_mbedtls.c
+++ b/hal/tls/mbedtls/tls_mbedtls.c
@@ -164,7 +164,7 @@ static bool TLSConfiguration_setupComplete(TLSConfiguration self)
 {
 if (self->setupComplete == false) {
- mbedtls_ssl_conf_ca_chain( &(self->conf), &(self->cacerts), NULL );
+ mbedtls_ssl_conf_ca_chain( &(self->conf), &(self->cacerts), &(self->crl) );
 int ret = mbedtls_ssl_conf_own_cert( &(self->conf), &(self->ownCertificate), &(self->ownKey));
@@ -488,7 +488,7 @@ TLSSocket_create(Socket socket, TLSConfiguration configuration, bool storeClient
 int ret;
- mbedtls_ssl_conf_ca_chain( &(self->conf), &(configuration->cacerts), NULL );
+ mbedtls_ssl_conf_ca_chain( &(self->conf), &(configuration->cacerts), &(configuration->crl) );
 if (configuration->minVersion != TLS_VERSION_NOT_SELECTED) { /* set minimum TLS version */
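Review bot: The new `#define MBEDTLS_HAVE_TIME_DATE` makes the platform clock security-relevant without saying so: it is what lets the X.509 verifier check certificate notBefore/notAfter and, now that the CRL is wired in, the CRL's nextUpdate, so on a target with no trustworthy time source a wrong clock either rejects valid peers or lets expired certificates and stale CRLs through. That is the right trade for a CRL fix, but it deserves a comment next to the define, e.g. `/* Enables validity-period and CRL nextUpdate checks; requires a trustworthy system clock (RTC/NTP). */`. Whether the platform time callbacks are configured elsewhere cannot be seen from this hunk.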
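Review bot: `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE` are added directly under the "For testing with compat.sh" comment with no explanation, although they change verification rather than testing: the verifier will now reject a certificate whose keyUsage/extendedKeyUsage does not permit the role it is used in, e.g. an intermediate without keyCertSign or a server certificate without serverAuth. Give them their own heading and state the intent, e.g. `/* X.509 hardening: enforce keyUsage / extendedKeyUsage so a leaf cannot act as a CA and vice versa. */`. Certificates that carry no KU/EKU extension at all still pass these checks, so they complement, not replace, a proper CA issuance profile.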
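Review bot: Passing `&(self->crl)` to `mbedtls_ssl_conf_ca_chain` only enforces revocation if `self->crl` was `mbedtls_x509_crl_init()`'d (a zeroed struct is treated as an empty list) and a CRL was actually parsed into it; with no CRL loaded mbedtls accepts the chain silently (soft-fail), and with MBEDTLS_HAVE_TIME_DATE a CRL whose nextUpdate has passed raises MBEDTLS_X509_BADCRL_EXPIRED and fails the handshake under MBEDTLS_SSL_VERIFY_REQUIRED. Neither the init nor the configured authmode is visible in this hunk, and TLSConfiguration_setupComplete continues outside it, so please confirm both and record the contract at the call site: `/* CRL list consulted during chain verification: an empty list means "no revocation data" and is accepted; an expired CRL fails verification. */`. A revoked peer is only refused if the authmode is VERIFY_REQUIRED; with VERIFY_OPTIONAL the revocation flag is merely reported by mbedtls_ssl_get_verify_result().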