Always revoke certificate on CRL RFC5280 does not state that the `revocationDate` should be checked. In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all. https://tools.ietf.org/html/rfc5280 Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>

commit: a4e86141f1451e8097f85a823a4426e1c1cfdf7c [log] [tgz]
author: Raoul Strackx <raoul.strackx@fortanix.com> Mon Jun 15 17:03:13 2020 +0200
committer: Raoul Strackx <raoul.strackx@fortanix.com> Mon Aug 17 09:05:03 2020 +0200
tree: b090d395aa8be2d56cb6282fefeb76607615201d
parent: c60c30eb68dd70c71f902f55eb0db69b466e7503 [diff] [blame]
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 2627224..e16ef0b 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -2324,8 +2324,7 @@
         if( crt->serial.len == cur->serial.len &&
             memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
         {
-            if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
-                return( 1 );
+            return( 1 );
         }
 
         cur = cur->next;
commit	a4e86141f1451e8097f85a823a4426e1c1cfdf7c	[log] [tgz]
author	Raoul Strackx <raoul.strackx@fortanix.com>	Mon Jun 15 17:03:13 2020 +0200
committer	Raoul Strackx <raoul.strackx@fortanix.com>	Mon Aug 17 09:05:03 2020 +0200
tree	b090d395aa8be2d56cb6282fefeb76607615201d
parent	c60c30eb68dd70c71f902f55eb0db69b466e7503 [diff] [blame]