- Added CRL revocation support to x509parse_verify()
- Fixed an off-by-one allocation in ssl_set_hostname()
- Added CRL support to SSL/TLS code
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index f4d7d1a..b26e4ed 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -235,6 +235,7 @@
rsa_context *rsa_key; /*!< own RSA private key */
x509_cert *own_cert; /*!< own X.509 certificate */
x509_cert *ca_chain; /*!< own trusted CA chain */
+ x509_crl *ca_crl; /*!< trusted CA CRLs */
x509_cert *peer_cert; /*!< peer X.509 cert chain */
char *peer_cn; /*!< expected peer CN */
@@ -389,12 +390,13 @@
*
* \param ssl SSL context
* \param ca_chain trusted CA chain
+ * \param ca_crl trusted CA CRLs
* \param peer_cn expected peer CommonName (or NULL)
*
* \note TODO: add two more parameters: depth and crl
*/
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
- char *peer_cn );
+ x509_crl *ca_crl, char *peer_cn );
/**
* \brief Set own certificate and private key
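Review bot: The `\note TODO: add two more parameters: depth and crl` line kept as context in the ssl_set_ca_chain() doc comment is stale now that `ca_crl` is a parameter; it should become `\note TODO: add one more parameter: depth`. The new `\param ca_crl` line also does not say whether NULL is accepted, unlike `peer_cn` just below it. That matters because a NULL CRL presumably means the peer chain is verified with no revocation check, which a caller should opt into knowingly. If the implementation (not visible in this header) does treat NULL that way, I would write `\param ca_crl trusted CA CRLs (or NULL to skip revocation checking)`. The `ca_crl` field comment in the first hunk could carry the same remark, plus a word on whether the context borrows or owns the list.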