Always revoke certificate on CRL RFC5280 does not state that the `revocationDate` should be checked. In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all. https://tools.ietf.org/html/rfc5280 Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>

commit: 75475d8465660a2b3612e7ecf10fb43c79ca0c71 [log] [tgz]
author: Raoul Strackx <raoul.strackx@fortanix.com> Mon Jun 15 17:03:13 2020 +0200
committer: Raoul Strackx <raoul.strackx@fortanix.com> Wed Aug 26 11:42:52 2020 +0200
tree: 3d5537a5a557edf915c55ea4c15d1ccb5375c449
parent: 14cb46de2484f25083d2a88ef0ebff8da89433c0 [diff] [blame]
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index 6f54ed0..d07241a 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt

@@ -111,7 +111,7 @@
 - crl-ec-sha*.pem: (2) server6.crt
 - crl-future.pem: (2) server6.crt + unknown
 - crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown
-- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
+- crl.pem, crl-futureRevocationDate.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
 - crl_md*.pem: crl_sha*.pem: (1) same as crl.pem
 - crt_cat_*.pem: (1+2) concatenations in various orders:
     ec = crl-ec-sha256.pem, ecfut = crl-future.pem
commit	75475d8465660a2b3612e7ecf10fb43c79ca0c71	[log] [tgz]
author	Raoul Strackx <raoul.strackx@fortanix.com>	Mon Jun 15 17:03:13 2020 +0200
committer	Raoul Strackx <raoul.strackx@fortanix.com>	Wed Aug 26 11:42:52 2020 +0200
tree	3d5537a5a557edf915c55ea4c15d1ccb5375c449
parent	14cb46de2484f25083d2a88ef0ebff8da89433c0 [diff] [blame]