- Added CRL revocation support to x509parse_verify()
- Fixed an off-by-one allocation in ssl_set_hostname()
- Added CRL support to SSL/TLS code
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index c0a50b7..b7b971c 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -60,6 +60,8 @@
#define BADCERT_REVOKED 2
#define BADCERT_CN_MISMATCH 4
#define BADCERT_NOT_TRUSTED 8
+#define BADCRL_NOT_TRUSTED 16
+#define BADCRL_EXPIRED 32
/*
* DER constants
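Review bot: The two new `BADCRL_*` bits are added without a comment, although they are reported through the same bitmask as the `BADCERT_*` values above them, so the header does not tell a caller when each one is set. A trailing comment on each define would fix that, for example `#define BADCRL_NOT_TRUSTED 16 /* CRL is not correctly signed by the trusted CA */` and `#define BADCRL_EXPIRED 32 /* CRL is past its validity period */`. The wording should be adjusted to what the implementation really checks, which is not visible in this diff.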
@@ -335,16 +337,17 @@
int x509parse_crl_info( char *buf, size_t size, char *prefix, x509_crl *crl );
/**
- * \brief Return 0 if the certificate is still valid,
- * or BADCERT_EXPIRED
+ * \brief Return 0 if the x509_time is still valid,
+ * or 1 otherwise.
*/
-int x509parse_expired( x509_cert *crt );
+int x509parse_time_expired( x509_time *time );
/**
* \brief Verify the certificate signature
*
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
+ * \param ca_crl the CRL chain for trusted CA's
* \param cn expected Common Name (can be set to
* NULL if the CN must not be verified)
* \param flags result of the verification
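Review bot: The new `\param ca_crl` line does not say whether NULL is accepted, while the `cn` entry directly below it spells that out. For a revocation input this matters: if NULL means the CRL check is skipped, a caller that never loads a CRL gets certificates accepted without any revocation check and with nothing in `flags` to show it. I would write `\param ca_crl the CRL chain for trusted CA's (NULL disables revocation checking)`, or whatever the implementation actually does. Separately, `x509parse_time_expired` names its parameter `time`, which shadows the standard `time()` wherever `<time.h>` is in scope; `x509_time *t` avoids a `-Wshadow` warning. The doc comment of x509parse_verify continues outside this hunk.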
@@ -361,6 +364,7 @@
*/
int x509parse_verify( x509_cert *crt,
x509_cert *trust_ca,
+ x509_crl *ca_crl,
char *cn, int *flags );
/**
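Review bot: The return-value and `flags` description of x509parse_verify is not updated for the new `ca_crl` argument; those doc lines sit between the previous hunk and this one and are untouched by the commit. They should list the bits that can now appear in `*flags` (`BADCRL_NOT_TRUSTED` and `BADCRL_EXPIRED` next to the `BADCERT_*` ones) and state whether the function returns an error when only a `BADCRL_*` bit is set. Without that, a caller that checks only the return code cannot tell whether an expired or untrusted CRL is treated as a verification failure or is ignored. The doc comment starts outside this hunk.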