update crl files and add in compat support for RSA-PSS

certs/crl/caEcc384Crl.pem

@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBcjCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBcTCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1qgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
-ElNSMAoGA1UdFAQDAgEMMAoGCCqGSM49BAMCA2kAMGYCMQDiAhgtXMrlvYjxh1+q
-uqluR12ThFI1k8wTdFiGF0yToo3zpoxbaN5w33vBYVUZzCYCMQD76v5cIfO8RUBc
-f5tVsV7n7fGhwMPREOw0f0nmtl+qwNWSDDegMLtTdZyYF9ERdV0=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFqgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
+ElNSMAoGA1UdFAQDAgEMMAoGCCqGSM49BAMCA2gAMGUCMQCjqo2bmsEzvBpsVBfA
+7CXvvAoldG0sFKW75EvAUOFZYWC92/GDULxTxzOGqg81B5ICMEeFr+vl+RMQZfju
+ZY3eOC5PKW4z1LwneOUyoKu2joHBENLhsD+tSixSHumx+kmh2g==
 -----END X509 CRL-----

certs/crl/caEccCrl.pem

@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBUTCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBUDCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1qgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
-86UhMAoGA1UdFAQDAgELMAoGCCqGSM49BAMCA0gAMEUCICFj5IcBuGatpURtIwMU
-hSKkP11GeUUb5crLMcBKI2u9AiEArWyOTYXvODOGebzJONGEy7UQ9d+HUba3ROqc
-aGu35HE=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFqgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
+86UhMAoGA1UdFAQDAgELMAoGCCqGSM49BAMCA0cAMEQCIFuy1ACI/xzHowxHb4+6
+Ey9EPuLVgbvwLmVVSnDiwEkAAiB8BrOHHUMxK0ZFMZoAdRBgE/p32q9FdJJfAO0n
+VnFcxg==
 -----END X509 CRL-----

certs/crl/cliCrl.pem

@@ -2,41 +2,41 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 8
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         74:17:9b:40:81:d2:a0:f3:26:68:44:5b:f8:a2:6c:3f:7e:71:
-         75:a2:7f:c6:e6:71:cb:f9:08:57:42:cd:3e:3f:ab:cd:0c:85:
-         36:45:58:8b:59:28:81:d9:b0:6b:10:4a:d0:7d:59:ad:cf:53:
-         05:cb:13:c7:c1:ec:65:64:6b:4d:e6:87:0b:ae:06:60:ab:8a:
-         3c:ae:c1:7d:ed:8f:ee:09:02:7a:3a:f2:21:bf:89:ef:cd:14:
-         b1:03:64:2d:b2:b6:45:15:da:2d:ee:2d:c0:15:3b:a8:01:a8:
-         4f:30:61:ae:99:b9:16:07:b5:8b:71:8f:38:ac:69:82:39:90:
-         92:ff:d6:41:33:3b:92:5b:f2:dd:56:5a:8f:82:d1:1f:76:ee:
-         ca:01:a2:ac:c0:22:41:dd:6e:e1:ce:06:b0:6f:bc:e2:da:91:
-         11:c1:a0:41:16:7d:ba:7e:a1:53:13:14:4b:54:3b:b9:44:cf:
-         4f:1c:ef:ce:a8:bd:e8:ab:ba:de:97:f7:b7:7d:4f:ab:7a:e7:
-         73:65:97:a1:d9:a3:f3:92:f1:95:06:6d:52:7b:6e:fd:26:56:
-         55:83:c7:71:f7:a4:8f:9a:2c:52:04:dd:9f:85:ab:9c:88:e1:
-         30:c6:4a:88:7d:20:1b:c6:47:8b:82:cc:9d:0f:51:69:b1:90:
-         b2:8a:9c:74
+         52:11:97:57:04:d7:e2:14:1f:c4:7f:a2:d8:cf:4c:b7:5b:0c:
+         d3:ac:ca:29:10:74:09:2f:3d:fb:4d:75:3e:32:21:5a:0f:41:
+         5f:cc:e7:98:f8:ea:8e:e2:c9:57:60:b6:a3:b0:70:10:18:b9:
+         86:a3:65:1e:3a:88:13:df:44:18:15:51:00:f6:33:d6:ab:90:
+         18:93:df:ac:7d:15:5c:6a:63:55:d1:4d:41:37:03:89:86:65:
+         fa:fb:d7:b1:73:db:c3:43:08:ff:89:94:89:b1:b4:ad:96:78:
+         52:92:50:8c:0a:5d:ca:29:8b:e0:bc:ca:88:c0:7a:52:48:d3:
+         cf:09:03:08:5f:a1:b9:16:b0:55:5e:11:60:7f:73:9a:98:05:
+         54:97:bf:eb:0e:04:61:4f:b4:40:23:61:9a:07:69:78:fc:16:
+         de:f4:54:04:cf:f0:2b:07:8d:51:9e:6b:b5:77:c4:13:2c:a3:
+         40:99:ed:fa:f4:00:4a:45:36:da:52:9d:dc:88:66:3e:03:f0:
+         20:ce:54:a4:56:58:a8:9e:30:78:e8:42:2d:a8:0f:9b:c4:a9:
+         ab:13:c2:4e:ec:be:2e:99:16:56:2f:22:86:96:27:1d:30:80:
+         7d:a5:f8:45:ef:93:b4:63:13:96:4f:6a:df:a0:11:3b:52:be:
+         93:03:7a:81
 -----BEGIN X509 CRL-----
 MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEy
-MTMyMjE5MzNaFw0yNjA5MDgyMjE5MzNaMBQwEgIBAhcNMjMxMjEzMjIxOTMzWqAO
-MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBAHQXm0CB0qDzJmhEW/ii
-bD9+cXWif8bmccv5CFdCzT4/q80MhTZFWItZKIHZsGsQStB9Wa3PUwXLE8fB7GVk
-a03mhwuuBmCrijyuwX3tj+4JAno68iG/ie/NFLEDZC2ytkUV2i3uLcAVO6gBqE8w
-Ya6ZuRYHtYtxjzisaYI5kJL/1kEzO5Jb8t1WWo+C0R927soBoqzAIkHdbuHOBrBv
-vOLakRHBoEEWfbp+oVMTFEtUO7lEz08c786oveirut6X97d9T6t653Nll6HZo/OS
-8ZUGbVJ7bv0mVlWDx3H3pI+aLFIE3Z+Fq5yI4TDGSoh9IBvGR4uCzJ0PUWmxkLKK
-nHQ=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAx
+MDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaMBQwEgIBAhcNMjQwMTA5MDAzNDMwWqAO
+MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBAFIRl1cE1+IUH8R/otjP
+TLdbDNOsyikQdAkvPftNdT4yIVoPQV/M55j46o7iyVdgtqOwcBAYuYajZR46iBPf
+RBgVUQD2M9arkBiT36x9FVxqY1XRTUE3A4mGZfr717Fz28NDCP+JlImxtK2WeFKS
+UIwKXcopi+C8yojAelJI088JAwhfobkWsFVeEWB/c5qYBVSXv+sOBGFPtEAjYZoH
+aXj8Ft70VATP8CsHjVGea7V3xBMso0CZ7fr0AEpFNtpSndyIZj4D8CDOVKRWWKie
+MHjoQi2oD5vEqasTwk7svi6ZFlYvIoaWJx0wgH2l+EXvk7RjE5ZPat+gETtSvpMD
+eoE=
 -----END X509 CRL-----

certs/crl/crl.pem

@@ -2,40 +2,40 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         48:36:98:18:42:9c:0c:81:51:19:75:4b:26:9a:e0:07:18:89:
-         a2:a1:bd:b6:4e:91:f2:44:93:1a:50:a1:8f:72:1f:c4:ae:99:
-         81:c5:00:3a:94:03:de:00:24:98:d4:2c:17:e5:ba:f2:29:3a:
-         43:c8:23:ba:73:6a:5c:99:5d:ba:80:dd:bd:4f:cd:53:a6:cf:
-         33:11:31:30:27:e2:d2:31:06:65:b8:3e:cf:fe:00:21:ff:0d:
-         18:4f:fc:fd:d5:80:75:72:7c:2e:44:c1:a1:26:a6:8a:88:c8:
-         c0:66:1a:d4:99:36:ca:8f:67:42:8f:7c:f2:1a:e7:1b:d0:90:
-         05:22:0d:29:d3:35:57:23:8c:bb:d2:53:c1:a8:00:3c:d4:b3:
-         97:23:8a:4f:1d:8b:c9:73:6a:96:40:b0:a4:b1:c7:de:06:4d:
-         a3:5d:6a:d2:f5:5c:1e:f0:21:0f:d1:fd:21:89:e2:9e:3d:c1:
-         b2:f0:0f:5e:79:1e:47:48:92:bf:eb:96:28:ad:0b:89:5e:3b:
-         ed:97:29:bb:8d:24:c2:e6:26:e5:33:ef:88:17:c1:1a:97:fa:
-         51:44:a2:cc:b2:64:e5:5c:94:54:ed:3b:7d:8f:34:4a:4b:d3:
-         ca:62:f9:20:00:86:26:ea:1b:a9:b4:df:8f:f4:4d:d8:3e:95:
-         aa:3b:43:1c
+         b3:6f:ed:72:d2:73:6a:77:bf:3a:55:bc:54:18:6a:71:bc:6a:
+         cc:cd:5d:90:f5:64:8d:1b:f0:e0:48:7b:f2:7b:06:86:53:63:
+         9b:d8:24:15:10:b1:19:96:9b:d2:75:a8:25:a2:35:a9:14:d6:
+         d5:5e:53:e3:34:9d:f2:8b:07:19:9b:1f:f1:02:0f:04:46:e8:
+         b8:b6:f2:8d:c7:c0:15:3e:3e:8e:96:73:15:1e:62:f6:4e:2a:
+         f7:aa:a0:91:80:12:7f:81:0c:65:cc:38:be:58:6c:14:a5:21:
+         a1:8d:f7:8a:b9:24:f4:2d:ca:c0:67:43:0b:c8:1c:b4:7d:12:
+         7f:a2:1b:19:0e:94:cf:7b:9f:75:a0:08:9a:67:3f:87:89:3e:
+         f8:58:a5:8a:1b:2d:da:9b:d0:1b:18:92:c3:d2:6a:d7:1c:fc:
+         45:69:77:c3:57:65:75:99:9e:47:2a:20:25:ef:90:f2:5f:3b:
+         7d:9c:7d:00:ea:92:54:eb:0b:e7:17:af:24:1a:f9:7c:83:50:
+         68:1d:dc:5b:60:12:a7:52:78:d9:a9:b0:1f:59:48:36:c7:a6:
+         97:34:c7:87:3f:ae:fd:a9:56:5d:48:cc:89:7a:79:60:8f:9b:
+         2b:63:3c:b3:04:1d:5f:f7:20:d2:fd:f2:51:b1:96:93:13:5b:
+         ab:74:82:8b
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgECFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEASDaYGEKcDIFRGXVLJprgBxiJoqG9tk6R
-8kSTGlChj3IfxK6ZgcUAOpQD3gAkmNQsF+W68ik6Q8gjunNqXJlduoDdvU/NU6bP
-MxExMCfi0jEGZbg+z/4AIf8NGE/8/dWAdXJ8LkTBoSamiojIwGYa1Jk2yo9nQo98
-8hrnG9CQBSINKdM1VyOMu9JTwagAPNSzlyOKTx2LyXNqlkCwpLHH3gZNo11q0vVc
-HvAhD9H9IYninj3BsvAPXnkeR0iSv+uWKK0LiV477Zcpu40kwuYm5TPviBfBGpf6
-UUSizLJk5VyUVO07fY80SkvTymL5IACGJuobqbTfj/RN2D6VqjtDHA==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFDASAgECFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAs2/tctJzane/OlW8VBhqcbxqzM1dkPVk
+jRvw4Eh78nsGhlNjm9gkFRCxGZab0nWoJaI1qRTW1V5T4zSd8osHGZsf8QIPBEbo
+uLbyjcfAFT4+jpZzFR5i9k4q96qgkYASf4EMZcw4vlhsFKUhoY33irkk9C3KwGdD
+C8gctH0Sf6IbGQ6Uz3ufdaAImmc/h4k++Filihst2pvQGxiSw9Jq1xz8RWl3w1dl
+dZmeRyogJe+Q8l87fZx9AOqSVOsL5xevJBr5fINQaB3cW2ASp1J42amwH1lINsem
+lzTHhz+u/alWXUjMiXp5YI+bK2M8swQdX/cg0v3yUbGWkxNbq3SCiw==
 -----END X509 CRL-----

certs/crl/crl.revoked

@@ -2,43 +2,43 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 3
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         72:6e:a4:64:36:6b:e8:e0:c5:1d:98:ef:ab:7e:7a:14:f2:8d:
-         99:d0:57:4b:76:ac:f4:89:60:cd:89:23:9d:01:34:f3:83:e5:
-         82:21:b3:48:c4:42:25:7f:ea:9f:74:5f:e8:b8:d6:71:bb:a2:
-         39:d8:ef:46:a8:13:ba:7d:44:ab:d6:13:65:18:de:b5:03:85:
-         a7:c6:4f:0a:a0:6a:78:ba:7b:f7:ce:6e:ba:1c:ef:6f:b1:04:
-         a8:ac:c6:de:3b:76:77:3e:3d:8b:ae:8b:2b:7e:c9:4f:77:31:
-         7f:1f:f5:04:2c:e9:cf:a1:56:c2:59:e9:be:49:9f:e8:67:a3:
-         42:66:05:21:02:64:82:b2:74:a7:4b:89:89:7d:43:1a:41:fd:
-         53:8c:d6:4f:27:04:2a:48:6b:9e:62:fa:4a:42:83:22:53:3f:
-         53:07:4f:bc:cd:8d:8d:cc:15:c6:ff:3c:af:7d:db:ab:dd:fa:
-         8f:65:86:86:2a:89:5e:3f:d5:4b:39:80:78:3f:6e:38:3b:6d:
-         a5:5e:2c:9e:1d:2f:9c:62:12:b1:34:f2:95:64:37:dc:4b:20:
-         dc:27:f3:de:81:67:b2:04:b0:14:b9:47:e3:65:e3:2f:35:27:
-         c2:fc:22:db:24:bd:04:58:88:17:e3:42:3c:a5:ef:53:39:15:
-         54:52:ac:a1
+         35:50:96:da:71:71:90:d5:b7:37:5a:a6:b9:09:07:2f:af:c9:
+         e0:02:32:6a:43:6e:20:ec:20:a4:ac:d0:39:a9:19:35:d0:d2:
+         6f:bb:d1:cd:46:10:a7:cb:8a:be:0a:02:a2:91:f5:29:74:ee:
+         34:83:a3:8c:a0:ca:39:af:94:4a:23:d7:56:57:6b:cc:c6:eb:
+         b0:ce:9f:0a:e1:b0:a8:12:6b:6a:8b:21:73:22:6f:49:41:cd:
+         fd:85:44:d1:fa:52:6b:2f:b2:2b:02:e7:43:0e:f1:92:bc:15:
+         8f:22:28:49:25:69:93:d8:50:10:2f:93:e2:f5:b0:31:5c:eb:
+         1a:35:e2:40:83:25:87:55:4d:c0:85:06:37:9e:23:44:80:a1:
+         f9:e2:eb:9c:90:28:7a:71:d8:55:a2:8b:70:32:31:33:26:70:
+         fe:1d:11:d5:4b:c1:04:47:19:59:44:8f:0b:0a:ec:d6:62:40:
+         8a:6f:67:2e:6a:50:38:54:35:c9:f8:d5:ec:e8:ae:93:88:3d:
+         a0:40:81:2c:e0:fe:f7:c8:68:24:8e:41:04:88:af:94:82:97:
+         75:e5:69:4c:22:1d:f9:67:53:a3:4c:a3:db:bf:55:08:e7:3a:
+         07:67:a2:28:25:63:af:f8:0e:c7:d3:c1:77:ef:20:20:20:63:
+         9e:5c:22:81
 -----BEGIN X509 CRL-----
 MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEyMTMyMjE5MzNa
-Fw0yNjA5MDgyMjE5MzNaMCgwEgIBARcNMjMxMjEzMjIxOTMzWjASAgECFw0yMzEy
-MTMyMjE5MzNaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAcm6k
-ZDZr6ODFHZjvq356FPKNmdBXS3as9IlgzYkjnQE084PlgiGzSMRCJX/qn3Rf6LjW
-cbuiOdjvRqgTun1Eq9YTZRjetQOFp8ZPCqBqeLp7985uuhzvb7EEqKzG3jt2dz49
-i66LK37JT3cxfx/1BCzpz6FWwlnpvkmf6GejQmYFIQJkgrJ0p0uJiX1DGkH9U4zW
-TycEKkhrnmL6SkKDIlM/UwdPvM2NjcwVxv88r33bq936j2WGhiqJXj/VSzmAeD9u
-ODttpV4snh0vnGISsTTylWQ33Esg3Cfz3oFnsgSwFLlH42XjLzUnwvwi2yS9BFiI
-F+NCPKXvUzkVVFKsoQ==
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAxMDkwMDM0MzBa
+Fw0yNjEwMDUwMDM0MzBaMCgwEgIBARcNMjQwMTA5MDAzNDMwWjASAgECFw0yNDAx
+MDkwMDM0MzBaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEANVCW
+2nFxkNW3N1qmuQkHL6/J4AIyakNuIOwgpKzQOakZNdDSb7vRzUYQp8uKvgoCopH1
+KXTuNIOjjKDKOa+USiPXVldrzMbrsM6fCuGwqBJraoshcyJvSUHN/YVE0fpSay+y
+KwLnQw7xkrwVjyIoSSVpk9hQEC+T4vWwMVzrGjXiQIMlh1VNwIUGN54jRICh+eLr
+nJAoenHYVaKLcDIxMyZw/h0R1UvBBEcZWUSPCwrs1mJAim9nLmpQOFQ1yfjV7Oiu
+k4g9oECBLOD+98hoJI5BBIivlIKXdeVpTCId+WdTo0yj279VCOc6B2eiKCVjr/gO
+x9PBd+8gICBjnlwigQ==
 -----END X509 CRL-----

certs/crl/crl2.pem

@@ -2,79 +2,79 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         48:36:98:18:42:9c:0c:81:51:19:75:4b:26:9a:e0:07:18:89:
-         a2:a1:bd:b6:4e:91:f2:44:93:1a:50:a1:8f:72:1f:c4:ae:99:
-         81:c5:00:3a:94:03:de:00:24:98:d4:2c:17:e5:ba:f2:29:3a:
-         43:c8:23:ba:73:6a:5c:99:5d:ba:80:dd:bd:4f:cd:53:a6:cf:
-         33:11:31:30:27:e2:d2:31:06:65:b8:3e:cf:fe:00:21:ff:0d:
-         18:4f:fc:fd:d5:80:75:72:7c:2e:44:c1:a1:26:a6:8a:88:c8:
-         c0:66:1a:d4:99:36:ca:8f:67:42:8f:7c:f2:1a:e7:1b:d0:90:
-         05:22:0d:29:d3:35:57:23:8c:bb:d2:53:c1:a8:00:3c:d4:b3:
-         97:23:8a:4f:1d:8b:c9:73:6a:96:40:b0:a4:b1:c7:de:06:4d:
-         a3:5d:6a:d2:f5:5c:1e:f0:21:0f:d1:fd:21:89:e2:9e:3d:c1:
-         b2:f0:0f:5e:79:1e:47:48:92:bf:eb:96:28:ad:0b:89:5e:3b:
-         ed:97:29:bb:8d:24:c2:e6:26:e5:33:ef:88:17:c1:1a:97:fa:
-         51:44:a2:cc:b2:64:e5:5c:94:54:ed:3b:7d:8f:34:4a:4b:d3:
-         ca:62:f9:20:00:86:26:ea:1b:a9:b4:df:8f:f4:4d:d8:3e:95:
-         aa:3b:43:1c
+         b3:6f:ed:72:d2:73:6a:77:bf:3a:55:bc:54:18:6a:71:bc:6a:
+         cc:cd:5d:90:f5:64:8d:1b:f0:e0:48:7b:f2:7b:06:86:53:63:
+         9b:d8:24:15:10:b1:19:96:9b:d2:75:a8:25:a2:35:a9:14:d6:
+         d5:5e:53:e3:34:9d:f2:8b:07:19:9b:1f:f1:02:0f:04:46:e8:
+         b8:b6:f2:8d:c7:c0:15:3e:3e:8e:96:73:15:1e:62:f6:4e:2a:
+         f7:aa:a0:91:80:12:7f:81:0c:65:cc:38:be:58:6c:14:a5:21:
+         a1:8d:f7:8a:b9:24:f4:2d:ca:c0:67:43:0b:c8:1c:b4:7d:12:
+         7f:a2:1b:19:0e:94:cf:7b:9f:75:a0:08:9a:67:3f:87:89:3e:
+         f8:58:a5:8a:1b:2d:da:9b:d0:1b:18:92:c3:d2:6a:d7:1c:fc:
+         45:69:77:c3:57:65:75:99:9e:47:2a:20:25:ef:90:f2:5f:3b:
+         7d:9c:7d:00:ea:92:54:eb:0b:e7:17:af:24:1a:f9:7c:83:50:
+         68:1d:dc:5b:60:12:a7:52:78:d9:a9:b0:1f:59:48:36:c7:a6:
+         97:34:c7:87:3f:ae:fd:a9:56:5d:48:cc:89:7a:79:60:8f:9b:
+         2b:63:3c:b3:04:1d:5f:f7:20:d2:fd:f2:51:b1:96:93:13:5b:
+         ab:74:82:8b
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgECFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEASDaYGEKcDIFRGXVLJprgBxiJoqG9tk6R
-8kSTGlChj3IfxK6ZgcUAOpQD3gAkmNQsF+W68ik6Q8gjunNqXJlduoDdvU/NU6bP
-MxExMCfi0jEGZbg+z/4AIf8NGE/8/dWAdXJ8LkTBoSamiojIwGYa1Jk2yo9nQo98
-8hrnG9CQBSINKdM1VyOMu9JTwagAPNSzlyOKTx2LyXNqlkCwpLHH3gZNo11q0vVc
-HvAhD9H9IYninj3BsvAPXnkeR0iSv+uWKK0LiV477Zcpu40kwuYm5TPviBfBGpf6
-UUSizLJk5VyUVO07fY80SkvTymL5IACGJuobqbTfj/RN2D6VqjtDHA==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFDASAgECFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAs2/tctJzane/OlW8VBhqcbxqzM1dkPVk
+jRvw4Eh78nsGhlNjm9gkFRCxGZab0nWoJaI1qRTW1V5T4zSd8osHGZsf8QIPBEbo
+uLbyjcfAFT4+jpZzFR5i9k4q96qgkYASf4EMZcw4vlhsFKUhoY33irkk9C3KwGdD
+C8gctH0Sf6IbGQ6Uz3ufdaAImmc/h4k++Filihst2pvQGxiSw9Jq1xz8RWl3w1dl
+dZmeRyogJe+Q8l87fZx9AOqSVOsL5xevJBr5fINQaB3cW2ASp1J42amwH1lINsem
+lzTHhz+u/alWXUjMiXp5YI+bK2M8swQdX/cg0v3yUbGWkxNbq3SCiw==
 -----END X509 CRL-----
 Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         38:bd:b1:ed:0c:8b:5d:f2:e3:de:48:7b:03:16:a7:09:4c:98:
-         03:9d:a7:50:1d:56:57:a6:6f:e1:7d:4c:32:31:f3:55:28:4a:
-         d3:b5:55:a7:7d:f8:43:46:cf:7c:64:66:2e:0e:bc:e6:43:41:
-         c1:b8:b4:a0:db:68:92:3b:d4:a1:ef:47:44:fe:f6:e4:33:45:
-         18:62:cb:e5:04:44:44:07:83:e4:62:c4:d0:52:63:94:b0:1a:
-         43:bf:01:91:de:05:66:ae:6d:88:78:94:d9:c6:5e:a9:28:52:
-         93:2b:24:00:3f:d3:f7:6c:ca:27:b6:9b:8e:8f:61:a3:ac:3b:
-         e5:62:54:09:6f:c5:52:fb:87:9a:36:e0:51:14:5d:52:f9:42:
-         48:f1:18:20:bf:b3:98:c2:d4:a2:55:9e:7e:42:9b:01:59:fc:
-         64:3c:bb:05:46:09:ab:16:8a:f8:08:b7:f7:3d:01:8e:1b:60:
-         ba:e0:8f:e8:fe:6b:38:bc:23:af:52:31:bc:f3:a0:60:71:c4:
-         9a:29:49:46:5b:c2:f8:ff:c9:f6:8a:1a:c6:5c:9f:e5:bb:c0:
-         bf:6e:7b:26:8b:5a:6a:91:80:82:40:2e:48:96:b7:6a:8f:74:
-         75:6d:54:d7:4d:2a:81:7f:01:02:bd:6e:cf:37:50:de:bb:52:
-         b6:40:eb:ad
+         48:97:27:ce:47:2d:c9:e5:a9:7d:ac:6a:36:29:92:0d:bf:b7:
+         17:04:cb:7b:1c:a1:ce:e8:45:6d:c8:b9:a2:81:16:74:9d:b1:
+         b5:06:5f:46:64:06:74:e4:6a:79:13:27:a2:ed:f4:7e:73:0b:
+         c4:6e:99:9a:35:a7:8b:02:69:92:6d:80:da:dd:5c:fd:05:e0:
+         0e:4b:ee:5b:55:5c:a7:d0:c2:83:f3:41:62:86:f1:b3:f2:67:
+         48:6b:b2:3e:3f:b2:1d:aa:63:54:3a:43:62:9a:9e:87:ef:49:
+         36:dc:29:36:74:8b:7d:d7:04:b8:38:6d:55:5a:56:db:a1:72:
+         cf:bd:9f:cc:b4:59:f4:65:06:fb:a4:80:48:98:1c:1f:c9:b8:
+         c6:b2:3e:47:c5:2f:f3:f4:ca:45:97:4c:20:08:72:90:5f:c3:
+         e9:b8:4d:04:4b:1c:43:7d:b0:e3:34:59:9c:5f:db:ad:c3:87:
+         11:3f:eb:8c:75:5f:2f:b8:84:12:c1:73:f1:ec:f8:2e:36:b9:
+         5d:3e:a9:9d:70:dd:24:84:77:de:29:b8:73:39:70:6b:44:91:
+         cb:bf:b5:fc:b8:6f:93:75:8c:58:f4:aa:79:8f:70:24:5d:75:
+         19:e7:9a:08:6a:8e:cd:8d:cc:17:d2:6f:76:d5:40:99:1c:e8:
+         53:99:4e:f0
 -----BEGIN X509 CRL-----
 MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEy
-MTMyMjE5MzNaFw0yNjA5MDgyMjE5MzNaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQsFAAOCAQEAOL2x7QyLXfLj3kh7AxanCUyYA52nUB1WV6Zv4X1MMjHzVShK
-07VVp334Q0bPfGRmLg685kNBwbi0oNtokjvUoe9HRP725DNFGGLL5QRERAeD5GLE
-0FJjlLAaQ78Bkd4FZq5tiHiU2cZeqShSkyskAD/T92zKJ7abjo9ho6w75WJUCW/F
-UvuHmjbgURRdUvlCSPEYIL+zmMLUolWefkKbAVn8ZDy7BUYJqxaK+Ai39z0Bjhtg
-uuCP6P5rOLwjr1IxvPOgYHHEmilJRlvC+P/J9ooaxlyf5bvAv257JotaapGAgkAu
-SJa3ao90dW1U100qgX8BAr1uzzdQ3rtStkDrrQ==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAx
+MDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
+9w0BAQsFAAOCAQEASJcnzkctyeWpfaxqNimSDb+3FwTLexyhzuhFbci5ooEWdJ2x
+tQZfRmQGdORqeRMnou30fnMLxG6ZmjWniwJpkm2A2t1c/QXgDkvuW1Vcp9DCg/NB
+Yobxs/JnSGuyPj+yHapjVDpDYpqeh+9JNtwpNnSLfdcEuDhtVVpW26Fyz72fzLRZ
+9GUG+6SASJgcH8m4xrI+R8Uv8/TKRZdMIAhykF/D6bhNBEscQ32w4zRZnF/brcOH
+ET/rjHVfL7iEEsFz8ez4Lja5XT6pnXDdJIR33im4czlwa0SRy7+1/Lhvk3WMWPSq
+eY9wJF11GeeaCGqOzY3MF9JvdtVAmRzoU5lO8A==
 -----END X509 CRL-----

certs/crl/crl_rsapss.pem

@@ -1,16 +1,53 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: rsassaPss         
+         Hash Algorithm: sha256
+         Mask Algorithm: mgf1 with sha256
+          Salt Length: 0x20
+         Trailer Field: 0xBC (default)
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                13
+Revoked Certificates:
+    Serial Number: 01
+        Revocation Date: Jan  9 00:34:30 2024 GMT
+    Signature Algorithm: rsassaPss         
+         Hash Algorithm: sha256
+         Mask Algorithm: mgf1 with sha256
+          Salt Length: 0x20
+         Trailer Field: 0xBC (default)
+
+         68:74:81:f0:7e:55:bb:ea:38:4e:ae:d5:b2:b6:c2:6a:53:fa:
+         2a:23:07:d0:b8:76:66:74:cb:ba:e7:b2:66:ac:19:1d:b5:ba:
+         ab:e7:de:f2:84:10:e5:df:57:ea:19:f4:2c:af:d8:61:b3:09:
+         31:e4:b3:94:08:65:52:03:b4:5c:7b:d0:44:37:59:df:d3:13:
+         09:f7:da:34:a1:d0:8d:e8:c7:73:05:60:15:a2:ef:a1:94:31:
+         0b:a7:ee:3d:25:12:19:6a:e5:29:30:3c:97:82:ed:a5:db:f3:
+         54:7f:2a:73:c2:be:0d:25:30:9b:d4:c0:77:99:db:55:dd:d2:
+         f7:88:d0:8b:74:66:00:65:14:d6:c6:4c:a8:de:cf:54:19:bf:
+         3a:d9:6a:80:4a:85:87:f6:ec:3d:3d:01:67:54:ea:82:7f:d5:
+         c3:37:3b:c3:d0:82:ce:01:30:bf:30:a0:c2:04:70:ab:5b:02:
+         05:2f:ca:f1:e2:49:d3:50:04:e4:f2:77:08:16:5a:45:95:6c:
+         c9:80:72:a7:e6:b6:97:d4:22:5d:b7:f9:3a:5e:d0:be:6a:53:
+         44:35:fc:e9:45:3b:56:4a:1d:06:38:8e:5b:1b:fe:a2:0b:5b:
+         c2:5d:5e:99:84:7e:ba:c4:5c:b5:43:1d:a2:9b:b3:05:bd:33:
+         38:8e:2c:e8
 -----BEGIN X509 CRL-----
-MIICbjCCASYCAQEwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NM
-X1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAx
-MDUyMjM0MDNaFw0yNjEwMDEyMjM0MDNaMBQwEgIBAhcNMjQwMTA1MjIzNDAzWqAO
-MAwwCgYDVR0UBAMCAQMwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAY
-BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEBADcOR4Ay7OIHoQeH9AJ9
-y26uPqALflnmCTv8uUKkPhWvPoXZpAF7Sq0xCFAyYxbEtonLV0yQMWlPJWYtr3w8
-R6GIa+9A2iFR0MiDD/pppgIem+aP2DK72HObH96CgM5vRLlQ3ti8g72wfVVTZdi5
-G6QX1tZH8M8FMRcGyyiFeMaA1fLVry0uAyer9bIqPQ1JZ7VE1GzFnVByQ+BtPK8b
-8OSIZud1VvxgETKYkRjvzA+fOwz/J4sum2MS4oLMXZ4DOt3RKDzqXc8o5NpZGOah
-ViGgZLWhsCeuBqmJV9+gHJUDv4EFnE4UE6U75qZvkKgSvYxNL7u9sNSU8tu7a+Ay
-oxw=
+MIICgzCCATsCAQEwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASAwgbIxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NM
+X1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJ
+k/IsZAEBDAd3b2xmU1NMFw0yNDAxMDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaMBQw
+EgIBARcNMjQwMTA5MDAzNDMwWqAOMAwwCgYDVR0UBAMCAQ0wPQYJKoZIhvcNAQEK
+MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
+ASADggEBAGh0gfB+VbvqOE6u1bK2wmpT+iojB9C4dmZ0y7rnsmasGR21uqvn3vKE
+EOXfV+oZ9Cyv2GGzCTHks5QIZVIDtFx70EQ3Wd/TEwn32jSh0I3ox3MFYBWi76GU
+MQun7j0lEhlq5SkwPJeC7aXb81R/KnPCvg0lMJvUwHeZ21Xd0veI0It0ZgBlFNbG
+TKjez1QZvzrZaoBKhYf27D09AWdU6oJ/1cM3O8PQgs4BML8woMIEcKtbAgUvyvHi
+SdNQBOTydwgWWkWVbMmAcqfmtpfUIl23+Tpe0L5qU0Q1/OlFO1ZKHQY4jlsb/qIL
+W8JdXpmEfrrEXLVDHaKbswW9MziOLOg=
 -----END X509 CRL-----

certs/crl/eccCliCRL.pem

@@ -2,25 +2,25 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 9
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:dc:a7:bf:34:1b:68:b6:54:0c:38:8d:46:41:
-         84:bf:fa:f0:96:00:89:a6:81:4a:0f:15:12:ef:15:98:f7:51:
-         95:02:20:08:57:33:0d:c1:a5:c6:83:63:49:96:8c:71:41:7b:
-         40:92:67:80:d6:23:62:2a:c2:f2:43:5a:92:9b:9b:d6:83
+         30:45:02:20:3b:07:f1:6c:fb:19:62:f2:56:2a:5c:21:a3:7d:
+         bf:06:33:3e:b4:53:01:f3:f5:0e:e6:ca:f5:b9:26:7e:4d:ca:
+         02:21:00:dd:04:d6:b1:18:01:b7:d6:ca:d9:7b:29:53:cf:9e:
+         ad:38:ef:fa:70:2c:41:74:ba:ce:e6:77:1f:22:86:f0:e3
 -----BEGIN X509 CRL-----
 MIIBPDCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
 Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL
 BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
-DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIx
-OTMzWjAUMBICAQIXDTIzMTIxMzIyMTkzM1qgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
-SM49BAMCA0gAMEUCIQDcp780G2i2VAw4jUZBhL/68JYAiaaBSg8VEu8VmPdRlQIg
-CFczDcGlxoNjSZaMcUF7QJJngNYjYirC8kNakpub1oM=
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQwMTA5MDAzNDMwWhcNMjYxMDA1MDAz
+NDMwWjAUMBICAQIXDTI0MDEwOTAwMzQzMFqgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
+SM49BAMCA0gAMEUCIDsH8Wz7GWLyVipcIaN9vwYzPrRTAfP1DubK9bkmfk3KAiEA
+3QTWsRgBt9bK2XspU8+erTjv+nAsQXS6zuZ3HyKG8OM=
 -----END X509 CRL-----

certs/crl/eccSrvCRL.pem

@@ -2,25 +2,25 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 10
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:a9:26:ab:1a:4a:be:5c:92:da:9d:17:0a:b5:
-         f6:40:ea:84:93:ce:57:b8:af:68:75:e8:e9:de:a7:27:e7:79:
-         48:02:20:11:d4:03:97:19:2a:28:04:70:28:bb:5e:6a:b7:f6:
-         32:90:f1:92:ff:48:7c:cf:e7:94:0f:ce:63:de:f8:fc:6c
+         30:45:02:20:4e:83:3e:21:ee:69:a6:f2:7e:87:45:10:5c:60:
+         ad:24:49:1e:0f:9e:1f:81:03:00:43:a9:e6:1b:63:27:3f:6b:
+         02:21:00:b2:7f:bd:3d:af:c4:f5:ff:82:3f:b7:6a:56:25:7c:
+         07:85:54:d9:19:44:42:60:b4:8a:e3:55:f4:a4:96:c7:d1
 -----BEGIN X509 CRL-----
 MIIBPzCB5gIBATAKBggqhkjOPQQDAjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
 MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4
-MjIxOTMzWjAUMBICAQIXDTIzMTIxMzIyMTkzM1qgDjAMMAoGA1UdFAQDAgEKMAoG
-CCqGSM49BAMCA0gAMEUCIQCpJqsaSr5cktqdFwq19kDqhJPOV7ivaHXo6d6nJ+d5
-SAIgEdQDlxkqKARwKLtearf2MpDxkv9IfM/nlA/OY974/Gw=
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQwMTA5MDAzNDMwWhcNMjYxMDA1
+MDAzNDMwWjAUMBICAQIXDTI0MDEwOTAwMzQzMFqgDjAMMAoGA1UdFAQDAgEKMAoG
+CCqGSM49BAMCA0gAMEUCIE6DPiHuaabyfodFEFxgrSRJHg+eH4EDAEOp5htjJz9r
+AiEAsn+9Pa/E9f+CP7dqViV8B4VU2RlEQmC0iuNV9KSWx9E=
 -----END X509 CRL-----

certs/crl/extra-crls/ca-int-cert-revoked.pem

@@ -2,12 +2,12 @@
 MIICBTCB7gIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFTATAgIQABcNMjMxMjEzMjIxOTMzWqAOMAwwCgYDVR0U
-BAMCAQUwDQYJKoZIhvcNAQELBQADggEBACmOUprDH201Mv2gW5wiighBTzH10Lwv
-tKJtoehgsTPgsWPk7BaDTsgzLqrk5g7Nlhe1by5UNGgRbHNBzK+TQgeOtdEE0npr
-PITh7Kmtk8rAKygYjDHPtamJLc0oJcpRkVIB7PiyKs8LUlVr+Cv3m6F5I9K5pxc8
-9FXVlrVfAuN8KDC68SPlmpCsWh8v11lXRyy7sMg/ScLvBxTYiehe54kS/IUnjx1E
-eKbgRGKf0alznvdQizMhkX4XJ1gbxdeAzbxO0vsCdgevj4uSyizYKzuMkilqzure
-KGgSLade8ZwS952XPRLHGmPEeVfaDs5qdXBC6Ov9Tg+IVfmY9FO2Tp4=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFTATAgIQABcNMjQwMTA5MDAzNDMwWqAOMAwwCgYDVR0U
+BAMCAQUwDQYJKoZIhvcNAQELBQADggEBAHeXXNQirv4s301n52RKjlA2GgYMtqKU
+pNmZhFVY91LH4JUb93+iHfeBACD7ELUF0lHY6WEk26cL9JU3+2PKE/CqhmLtmtLE
+hksE55zfOep+WzeQrngJTEJrsS5ptkCI38NX7uzOn1PC5bX70LdzC4v8wZpZuxCf
+VVgORds34s8Hdwq5Scx2qdgip3XTPoxJYIG+iBRp1zg9DM/RIOgCtSISkB9AU2wJ
+obFgLNAuhJue6swyo4rj++V6g38ojrZoknwmgZ3qIo4AwZt5o1UhVBkJbXYpbyi6
+bDlDuvJ2SNoaAcGsNjT8Opy61ti729wI/hOqUDn0WqsinFhljpRqW04=
 -----END X509 CRL-----

certs/crl/extra-crls/general-server-crl.pem

@@ -2,12 +2,12 @@
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgEBFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBBDANBgkqhkiG9w0BAQsFAAOCAQEAkoJhgjUEmUasZKFCVTZ0yLC+AoCpm10E
-den4O2yCm6N6NNlOuCbJr34iHSFHeS4Dal0phM6fl6wQTiC5zdVlG4Tnq+RlBVNk
-/15jGnjTH20bEc+2KS855GvTe9LhP/HgwS1usLhfR8YwVMSFL2NbFO+HEMD9ULx5
-UkGg9I9ehAcp42uR8RpWkeoLoWzbiw+YaBNZPdzYIylW4RqeLX3D+QhDGEnk3pR/
-Zvl3NcmLKMghXy9hMFEqu0A/G0lC5U2Oo+7jWcjO2Kn8QzCfbXrieIJ/0R4i2tUj
-wtmZ4mKVqaD66x/mSXYPpX52p5RTD7R3k+04w9FzLk73LuM69WQr5w==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFDASAgEBFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
+AwIBBDANBgkqhkiG9w0BAQsFAAOCAQEAWFcHDGDzEVttKWzvWv88rkJhBQihzcbm
+I5qlXrccNXrC+7fqHcXp2crCE0o75tnrXkcAL7YWeKcO1SkfIuyd84N73JrEECmf
+MaJEVgQrGmuqyLk8p3cq+Rqomyc1KxpxIzUkX7BL6ZCMZGWvvybcA51F+zX+9cMa
+jAFR7Ta9byN+TyrDDxecqhGgs/hjfTdXg2NABZjLjFZ3Eo4JO7aio6DgCygIncZX
+46xDMqYnl0fOl6+GNBmRdt16O3LXNRFJyvFx/sXBmAVa3/Sfq7UoF+zyT/k0zInu
+qfwBkM/hdrpfH2ZyzyDHC4/NXOv/tLZWfbakXAUWZpRx04Wyi8WKyw==
 -----END X509 CRL-----

certs/crl/gencrls.sh

@@ -56,10 +56,6 @@ echo "Step 3"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
 check_result $?
 
-echo "Step 3 RSA-PSS"
-openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl_rsapss.pem -keyfile ../rsapss/root-rsapss-priv.pem -cert ../rsapss/root-rsapss.pem
-check_result $?
-
 # metadata
 echo "Step 4"
 openssl crl -in crl.pem -text > tmp
@@ -206,4 +202,21 @@ echo "Step 26"
 openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
 openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
 
+# clear state for RSA-PSS revoke
+cp blank.index.txt demoCA/index.txt
+
+echo "Step 27 RSA-PSS revoke"
+openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../rsapss/server-rsapss.pem -keyfile ../rsapss/ca-rsapss-priv.pem -cert ../rsapss/ca-rsapss.pem
+check_result $?
+
+echo "Step 28 RSA-PSS"
+openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl_rsapss.pem -keyfile ../rsapss/ca-rsapss-priv.pem -cert ../rsapss/ca-rsapss.pem
+check_result $?
+
+# metadata
+echo "Step 29"
+openssl crl -in crl_rsapss.pem -text > tmp
+check_result $?
+mv tmp crl_rsapss.pem
+
 exit 0

src/crl.c

@@ -138,6 +138,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
         crle->tbsSz = dcrl->sigIndex - dcrl->certBegin;
         crle->signatureSz = dcrl->sigLength;
         crle->signatureOID = dcrl->signatureOID;
+        crle->sigParamsSz = dcrl->sigParamsLength;
         crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap,
                                           DYNAMIC_TYPE_CRL_ENTRY);
         if (crle->toBeSigned == NULL)
@@ -149,6 +150,20 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
             crle->toBeSigned = NULL;
             return -1;
         }
+
+        if (dcrl->sigParamsLength > 0) {
+            crle->sigParams = (byte*)XMALLOC(crle->sigParamsSz, heap,
+                                             DYNAMIC_TYPE_CRL_ENTRY);
+            if (crle->sigParams== NULL) {
+                XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+                crle->toBeSigned = NULL;
+                XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
+                crle->signature = NULL;
+                return -1;
+            }
+            XMEMCPY(crle->sigParams, buff + dcrl->sigParamsIndex,
+                crle->sigParamsSz);
+        }
         XMEMCPY(crle->toBeSigned, buff + dcrl->certBegin, crle->tbsSz);
         XMEMCPY(crle->signature, dcrl->signature, crle->signatureSz);
     #ifndef NO_SKID
@@ -206,6 +221,8 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)
         XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
     if (crle->toBeSigned != NULL)
         XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+    if (crle->sigParams != NULL)
+        XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY);
 #if defined(OPENSSL_EXTRA)
     if (crle->issuer != NULL) {
         FreeX509Name(crle->issuer);
@@ -338,16 +355,19 @@ static int VerifyCRLE(const WOLFSSL_CRL* crl, CRL_Entry* crle)
 
     ret = VerifyCRL_Signature(&sigCtx, crle->toBeSigned, crle->tbsSz,
             crle->signature, crle->signatureSz, crle->signatureOID,
+        #ifdef WC_RSA_PSS
+            crle->sigParams, crle->sigParamsSz,
+        #else
+            NULL, 0,
+        #endif
+            ca, crl->heap);
 
-            /* @TODO RSA PSS params */ NULL, 0,
-
-            ca,
-            crl->heap);
-
-    if (ret == 0)
+    if (ret == 0) {
         crle->verified = 1;
-    else
+    }
+    else {
         crle->verified = ret;
+    }
 
     return ret;
 }
@@ -739,11 +759,15 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
                                           DYNAMIC_TYPE_CRL_ENTRY);
         dupl->signature = (byte*)XMALLOC(dupl->signatureSz, heap,
                                          DYNAMIC_TYPE_CRL_ENTRY);
-        if (dupl->toBeSigned == NULL || dupl->signature == NULL) {
+        dupl->sigParams = (byte*)XMALLOC(dupl->sigParamsSz, heap,
+                                         DYNAMIC_TYPE_CRL_ENTRY);
+        if (dupl->toBeSigned == NULL || dupl->signature == NULL ||
+                dupl->sigParams == NULL) {
             CRL_Entry_free(dupl, heap);
             return NULL;
         }
         XMEMCPY(dupl->toBeSigned, ent->toBeSigned, dupl->tbsSz);
+        XMEMCPY(dupl->sigParams, ent->sigParams, dupl->sigParamsSz);
         XMEMCPY(dupl->signature, ent->signature, dupl->signatureSz);
     }
     else {
@@ -751,6 +775,10 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
         dupl->tbsSz = 0;
         dupl->signature = NULL;
         dupl->signatureSz = 0;
+#ifdef WC_RSA_PSS
+        dupl->sigParams = NULL;
+        dupl->sigParamsSz = 0;
+#endif
 #if !defined(NO_SKID) && !defined(NO_ASN)
         dupl->extAuthKeyIdSet = 0;
 #endif

tests/api.c

@@ -3046,7 +3046,7 @@ static int test_wolfSSL_CertManagerCRL(void)
     const char* crl2     = "./certs/crl/crl2.pem";
 #ifdef WC_RSA_PSS
     const char* crl_rsapss = "./certs/crl/crl_rsapss.pem";
-    const char* ca_rsapss  = "certs/rsapss/root-rsapss.pem";
+    const char* ca_rsapss  = "certs/rsapss/ca-rsapss.pem";
 #endif
     const unsigned char crl_buff[] = {
         0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xed, 0x02,
@@ -54537,6 +54537,9 @@ static int test_wolfSSL_X509_load_crl_file(void)
         "./certs/crl/caEccCrl.pem",
         "./certs/crl/eccCliCRL.pem",
         "./certs/crl/eccSrvCRL.pem",
+    #ifdef WC_RSA_PSS
+        "./certs/crl/crl_rsapss.pem",
+    #endif
         ""
     };
     char der[][100] = {
@@ -54552,6 +54555,10 @@ static int test_wolfSSL_X509_load_crl_file(void)
 
     ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
         X509_FILETYPE_PEM), 1);
+#ifdef WC_RSA_PSS
+    ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/rsapss/ca-rsapss.pem",
+        X509_FILETYPE_PEM), 1);
+#endif
     ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
         X509_FILETYPE_PEM), 1);
     if (store) {
@@ -54572,6 +54579,11 @@ static int test_wolfSSL_X509_load_crl_file(void)
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
             CRL_CERT_REVOKED);
+#ifdef WC_RSA_PSS
+        ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
+            "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM),
+            CRL_CERT_REVOKED);
+#endif
     }
     /* once feeing store */
     X509_STORE_free(store);

wolfssl/internal.h

@@ -2500,8 +2500,8 @@ struct CRL_Entry {
     word32  signatureSz;
     word32  signatureOID;
 #ifdef WC_RSA_PSS
-    word32  sigParamsIndex;         /* start of signature parameters    */
-    word32  sigParamsLength;        /* length of signature parameters   */
+    word32  sigParamsSz; /* length of signature parameters   */
+    byte*   sigParams;   /* buffer with signature parameters */
 #endif
 #if !defined(NO_SKID) && !defined(NO_ASN)
     byte    extAuthKeyIdSet;