123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788 |
- /* crl.c
- *
- * Copyright (C) 2006-2014 wolfSSL Inc.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <cyassl/ctaocrypt/settings.h>
- #ifdef HAVE_CRL
- #include <cyassl/internal.h>
- #include <cyassl/error-ssl.h>
- #include <dirent.h>
- #include <sys/stat.h>
- #include <string.h>
- #ifdef HAVE_CRL_MONITOR
- static int StopMonitor(int mfd);
- #endif
- /* Initialze CRL members */
- int InitCRL(CYASSL_CRL* crl, CYASSL_CERT_MANAGER* cm)
- {
- CYASSL_ENTER("InitCRL");
- crl->cm = cm;
- crl->crlList = NULL;
- crl->monitors[0].path = NULL;
- crl->monitors[1].path = NULL;
- #ifdef HAVE_CRL_MONITOR
- crl->tid = 0;
- crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
- #endif
- if (InitMutex(&crl->crlLock) != 0)
- return BAD_MUTEX_E;
- return 0;
- }
- /* Initialze CRL Entry */
- static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
- {
- CYASSL_ENTER("InitCRL_Entry");
- XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
- /* XMEMCPY(crle->crlHash, dcrl->crlHash, SHA_DIGEST_SIZE);
- * copy the hash here if needed for optimized comparisons */
- XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
- XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
- crle->lastDateFormat = dcrl->lastDateFormat;
- crle->nextDateFormat = dcrl->nextDateFormat;
- crle->certs = dcrl->certs; /* take ownsership */
- dcrl->certs = NULL;
- crle->totalCerts = dcrl->totalCerts;
- return 0;
- }
- /* Free all CRL Entry resources */
- static void FreeCRL_Entry(CRL_Entry* crle)
- {
- RevokedCert* tmp = crle->certs;
- CYASSL_ENTER("FreeCRL_Entry");
- while(tmp) {
- RevokedCert* next = tmp->next;
- XFREE(tmp, NULL, DYNAMIC_TYPE_REVOKED);
- tmp = next;
- }
- }
- /* Free all CRL resources */
- void FreeCRL(CYASSL_CRL* crl, int dynamic)
- {
- CRL_Entry* tmp = crl->crlList;
- CYASSL_ENTER("FreeCRL");
- if (crl->monitors[0].path)
- XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
- if (crl->monitors[1].path)
- XFREE(crl->monitors[1].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
- while(tmp) {
- CRL_Entry* next = tmp->next;
- FreeCRL_Entry(tmp);
- XFREE(tmp, NULL, DYNAMIC_TYPE_CRL_ENTRY);
- tmp = next;
- }
- #ifdef HAVE_CRL_MONITOR
- if (crl->tid != 0) {
- CYASSL_MSG("stopping monitor thread");
- if (StopMonitor(crl->mfd) == 0)
- pthread_join(crl->tid, NULL);
- else {
- CYASSL_MSG("stop monitor failed, cancel instead");
- pthread_cancel(crl->tid);
- }
- }
- #endif
- FreeMutex(&crl->crlLock);
- if (dynamic) /* free self */
- XFREE(crl, NULL, DYNAMIC_TYPE_CRL);
- }
- /* Is the cert ok with CRL, return 0 on success */
- int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
- {
- CRL_Entry* crle;
- int foundEntry = 0;
- int ret = 0;
- CYASSL_ENTER("CheckCertCRL");
- if (LockMutex(&crl->crlLock) != 0) {
- CYASSL_MSG("LockMutex failed");
- return BAD_MUTEX_E;
- }
- crle = crl->crlList;
- while (crle) {
- if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
- CYASSL_MSG("Found CRL Entry on list");
- CYASSL_MSG("Checking next date validity");
- if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
- CYASSL_MSG("CRL next date is no longer valid");
- ret = ASN_AFTER_DATE_E;
- }
- else
- foundEntry = 1;
- break;
- }
- crle = crle->next;
- }
- if (foundEntry) {
- RevokedCert* rc = crle->certs;
- while (rc) {
- if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
- CYASSL_MSG("Cert revoked");
- ret = CRL_CERT_REVOKED;
- break;
- }
- rc = rc->next;
- }
- }
- UnLockMutex(&crl->crlLock);
- if (foundEntry == 0) {
- CYASSL_MSG("Couldn't find CRL for status check");
- ret = CRL_MISSING;
- if (crl->cm->cbMissingCRL) {
- char url[256];
- CYASSL_MSG("Issuing missing CRL callback");
- url[0] = '\0';
- if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
- XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
- url[cert->extCrlInfoSz] = '\0';
- }
- else {
- CYASSL_MSG("CRL url too long");
- }
- crl->cm->cbMissingCRL(url);
- }
- }
- return ret;
- }
- /* Add Decoded CRL, 0 on success */
- static int AddCRL(CYASSL_CRL* crl, DecodedCRL* dcrl)
- {
- CRL_Entry* crle;
- CYASSL_ENTER("AddCRL");
- crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
- if (crle == NULL) {
- CYASSL_MSG("alloc CRL Entry failed");
- return -1;
- }
- if (InitCRL_Entry(crle, dcrl) < 0) {
- CYASSL_MSG("Init CRL Entry failed");
- XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
- return -1;
- }
- if (LockMutex(&crl->crlLock) != 0) {
- CYASSL_MSG("LockMutex failed");
- FreeCRL_Entry(crle);
- XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
- return BAD_MUTEX_E;
- }
- crle->next = crl->crlList;
- crl->crlList = crle;
- UnLockMutex(&crl->crlLock);
- return 0;
- }
- /* Load CRL File of type, SSL_SUCCESS on ok */
- int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type)
- {
- int ret = SSL_SUCCESS;
- const byte* myBuffer = buff; /* if DER ok, otherwise switch */
- buffer der;
- #ifdef CYASSL_SMALL_STACK
- DecodedCRL* dcrl;
- #else
- DecodedCRL dcrl[1];
- #endif
- der.buffer = NULL;
- CYASSL_ENTER("BufferLoadCRL");
- if (crl == NULL || buff == NULL || sz == 0)
- return BAD_FUNC_ARG;
- if (type == SSL_FILETYPE_PEM) {
- int eccKey = 0; /* not used */
- EncryptedInfo info;
- info.ctx = NULL;
- ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
- if (ret == 0) {
- myBuffer = der.buffer;
- sz = der.length;
- }
- else {
- CYASSL_MSG("Pem to Der failed");
- return -1;
- }
- }
- #ifdef CYASSL_SMALL_STACK
- dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (dcrl == NULL) {
- if (der.buffer)
- XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
- return MEMORY_E;
- }
- #endif
- InitDecodedCRL(dcrl);
- ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm);
- if (ret != 0) {
- CYASSL_MSG("ParseCRL error");
- }
- else {
- ret = AddCRL(crl, dcrl);
- if (ret != 0) {
- CYASSL_MSG("AddCRL error");
- }
- }
- FreeDecodedCRL(dcrl);
- #ifdef CYASSL_SMALL_STACK
- XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (der.buffer)
- XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
- return ret ? ret : SSL_SUCCESS; /* convert 0 to SSL_SUCCESS */
- }
- #ifdef HAVE_CRL_MONITOR
- /* read in new CRL entries and save new list */
- static int SwapLists(CYASSL_CRL* crl)
- {
- int ret;
- CRL_Entry* newList;
- #ifdef CYASSL_SMALL_STACK
- CYASSL_CRL* tmp;
- #else
- CYASSL_CRL tmp[1];
- #endif
-
- #ifdef CYASSL_SMALL_STACK
- tmp = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return MEMORY_E;
- #endif
- if (InitCRL(tmp, crl->cm) < 0) {
- CYASSL_MSG("Init tmp CRL failed");
- #ifdef CYASSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -1;
- }
- if (crl->monitors[0].path) {
- ret = LoadCRL(tmp, crl->monitors[0].path, SSL_FILETYPE_PEM, 0);
- if (ret != SSL_SUCCESS) {
- CYASSL_MSG("PEM LoadCRL on dir change failed");
- FreeCRL(tmp, 0);
- #ifdef CYASSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -1;
- }
- }
- if (crl->monitors[1].path) {
- ret = LoadCRL(tmp, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0);
- if (ret != SSL_SUCCESS) {
- CYASSL_MSG("DER LoadCRL on dir change failed");
- FreeCRL(tmp, 0);
- #ifdef CYASSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -1;
- }
- }
- if (LockMutex(&crl->crlLock) != 0) {
- CYASSL_MSG("LockMutex failed");
- FreeCRL(tmp, 0);
- #ifdef CYASSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -1;
- }
- newList = tmp->crlList;
- /* swap lists */
- tmp->crlList = crl->crlList;
- crl->crlList = newList;
- UnLockMutex(&crl->crlLock);
- FreeCRL(tmp, 0);
- #ifdef CYASSL_SMALL_STACK
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return 0;
- }
- #if (defined(__MACH__) || defined(__FreeBSD__))
- #include <sys/types.h>
- #include <sys/event.h>
- #include <sys/time.h>
- #include <fcntl.h>
- #include <unistd.h>
- #ifdef __MACH__
- #define XEVENT_MODE O_EVTONLY
- #elif defined(__FreeBSD__)
- #define XEVENT_MODE EVFILT_VNODE
- #endif
- /* we need a unique kqueue user filter fd for crl in case user is doing custom
- * events too */
- #ifndef CRL_CUSTOM_FD
- #define CRL_CUSTOM_FD 123456
- #endif
- /* shutdown monitor thread, 0 on success */
- static int StopMonitor(int mfd)
- {
- struct kevent change;
- /* trigger custom shutdown */
- EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
- if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) {
- CYASSL_MSG("kevent trigger customer event failed");
- return -1;
- }
- return 0;
- }
- /* OS X monitoring */
- static void* DoMonitor(void* arg)
- {
- int fPEM, fDER;
- struct kevent change;
- CYASSL_CRL* crl = (CYASSL_CRL*)arg;
- CYASSL_ENTER("DoMonitor");
- crl->mfd = kqueue();
- if (crl->mfd == -1) {
- CYASSL_MSG("kqueue failed");
- return NULL;
- }
- /* listen for custom shutdown event */
- EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL);
- if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) {
- CYASSL_MSG("kevent monitor customer event failed");
- close(crl->mfd);
- return NULL;
- }
- fPEM = -1;
- fDER = -1;
- if (crl->monitors[0].path) {
- fPEM = open(crl->monitors[0].path, XEVENT_MODE);
- if (fPEM == -1) {
- CYASSL_MSG("PEM event dir open failed");
- close(crl->mfd);
- return NULL;
- }
- }
- if (crl->monitors[1].path) {
- fDER = open(crl->monitors[1].path, XEVENT_MODE);
- if (fDER == -1) {
- CYASSL_MSG("DER event dir open failed");
- close(crl->mfd);
- return NULL;
- }
- }
- if (fPEM != -1)
- EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
- NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
- if (fDER != -1)
- EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
- NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
- for (;;) {
- struct kevent event;
- int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL);
-
- CYASSL_MSG("Got kevent");
- if (numEvents == -1) {
- CYASSL_MSG("kevent problem, continue");
- continue;
- }
- if (event.filter == EVFILT_USER) {
- CYASSL_MSG("Got user shutdown event, breaking out");
- break;
- }
- if (SwapLists(crl) < 0) {
- CYASSL_MSG("SwapLists problem, continue");
- }
- }
- if (fPEM != -1)
- close(fPEM);
- if (fDER != -1)
- close(fDER);
- close(crl->mfd);
- return NULL;
- }
- #elif defined(__linux__)
- #include <sys/types.h>
- #include <sys/inotify.h>
- #include <sys/eventfd.h>
- #include <unistd.h>
- #ifndef max
- static INLINE int max(int a, int b)
- {
- return a > b ? a : b;
- }
- #endif /* max */
- /* shutdown monitor thread, 0 on success */
- static int StopMonitor(int mfd)
- {
- word64 w64 = 1;
- /* write to our custom event */
- if (write(mfd, &w64, sizeof(w64)) < 0) {
- CYASSL_MSG("StopMonitor write failed");
- return -1;
- }
- return 0;
- }
- /* linux monitoring */
- static void* DoMonitor(void* arg)
- {
- int notifyFd;
- int wd = -1;
- CYASSL_CRL* crl = (CYASSL_CRL*)arg;
- #ifdef CYASSL_SMALL_STACK
- char* buff;
- #else
- char buff[8192];
- #endif
- CYASSL_ENTER("DoMonitor");
- crl->mfd = eventfd(0, 0); /* our custom shutdown event */
- if (crl->mfd < 0) {
- CYASSL_MSG("eventfd failed");
- return NULL;
- }
- notifyFd = inotify_init();
- if (notifyFd < 0) {
- CYASSL_MSG("inotify failed");
- close(crl->mfd);
- return NULL;
- }
- if (crl->monitors[0].path) {
- wd = inotify_add_watch(notifyFd, crl->monitors[0].path, IN_CLOSE_WRITE |
- IN_DELETE);
- if (wd < 0) {
- CYASSL_MSG("PEM notify add watch failed");
- close(crl->mfd);
- close(notifyFd);
- return NULL;
- }
- }
- if (crl->monitors[1].path) {
- wd = inotify_add_watch(notifyFd, crl->monitors[1].path, IN_CLOSE_WRITE |
- IN_DELETE);
- if (wd < 0) {
- CYASSL_MSG("DER notify add watch failed");
- close(crl->mfd);
- close(notifyFd);
- return NULL;
- }
- }
- #ifdef CYASSL_SMALL_STACK
- buff = (char*)XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (buff == NULL)
- return NULL;
- #endif
- for (;;) {
- fd_set readfds;
- int result;
- int length;
- FD_ZERO(&readfds);
- FD_SET(notifyFd, &readfds);
- FD_SET(crl->mfd, &readfds);
- result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,NULL);
-
- CYASSL_MSG("Got notify event");
- if (result < 0) {
- CYASSL_MSG("select problem, continue");
- continue;
- }
- if (FD_ISSET(crl->mfd, &readfds)) {
- CYASSL_MSG("got custom shutdown event, breaking out");
- break;
- }
- length = read(notifyFd, buff, 8192);
- if (length < 0) {
- CYASSL_MSG("notify read problem, continue");
- continue;
- }
- if (SwapLists(crl) < 0) {
- CYASSL_MSG("SwapLists problem, continue");
- }
- }
- #ifdef CYASSL_SMALL_STACK
- XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (wd > 0)
- inotify_rm_watch(notifyFd, wd);
- close(crl->mfd);
- close(notifyFd);
- return NULL;
- }
- #else
- #error "CRL monitor only currently supported on linux or mach"
- #endif /* MACH or linux */
- /* Start Monitoring the CRL path(s) in a thread */
- static int StartMonitorCRL(CYASSL_CRL* crl)
- {
- pthread_attr_t attr;
- CYASSL_ENTER("StartMonitorCRL");
- if (crl == NULL)
- return BAD_FUNC_ARG;
- if (crl->tid != 0) {
- CYASSL_MSG("Monitor thread already running");
- return MONITOR_RUNNING_E;
- }
- pthread_attr_init(&attr);
- if (pthread_create(&crl->tid, &attr, DoMonitor, crl) != 0) {
- CYASSL_MSG("Thread creation error");
- return THREAD_CREATE_E;
- }
- return SSL_SUCCESS;
- }
- #else /* HAVE_CRL_MONITOR */
- static int StartMonitorCRL(CYASSL_CRL* crl)
- {
- (void)crl;
- CYASSL_ENTER("StartMonitorCRL");
- CYASSL_MSG("Not compiled in");
- return NOT_COMPILED_IN;
- }
- #endif /* HAVE_CRL_MONITOR */
- /* Load CRL path files of type, SSL_SUCCESS on ok */
- int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
- {
- struct dirent* entry;
- DIR* dir;
- int ret = SSL_SUCCESS;
- #ifdef CYASSL_SMALL_STACK
- char* name;
- #else
- char name[MAX_FILENAME_SZ];
- #endif
- CYASSL_ENTER("LoadCRL");
- if (crl == NULL)
- return BAD_FUNC_ARG;
- dir = opendir(path);
- if (dir == NULL) {
- CYASSL_MSG("opendir path crl load failed");
- return BAD_PATH_ERROR;
- }
- #ifdef CYASSL_SMALL_STACK
- name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (name == NULL)
- return MEMORY_E;
- #endif
- while ( (entry = readdir(dir)) != NULL) {
- struct stat s;
- XMEMSET(name, 0, MAX_FILENAME_SZ);
- XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
- XSTRNCAT(name, "/", 1);
- XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
- if (stat(name, &s) != 0) {
- CYASSL_MSG("stat on name failed");
- continue;
- }
- if (s.st_mode & S_IFREG) {
- if (type == SSL_FILETYPE_PEM) {
- if (strstr(entry->d_name, ".pem") == NULL) {
- CYASSL_MSG("not .pem file, skipping");
- continue;
- }
- }
- else {
- if (strstr(entry->d_name, ".der") == NULL &&
- strstr(entry->d_name, ".crl") == NULL) {
- CYASSL_MSG("not .der or .crl file, skipping");
- continue;
- }
- }
- if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
- != SSL_SUCCESS) {
- CYASSL_MSG("CRL file load failed, continuing");
- }
- }
- }
- #ifdef CYASSL_SMALL_STACK
- XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (monitor & CYASSL_CRL_MONITOR) {
- CYASSL_MSG("monitor path requested");
- if (type == SSL_FILETYPE_PEM) {
- crl->monitors[0].path = strdup(path);
- crl->monitors[0].type = SSL_FILETYPE_PEM;
- if (crl->monitors[0].path == NULL)
- ret = MEMORY_E;
- } else {
- crl->monitors[1].path = strdup(path);
- crl->monitors[1].type = SSL_FILETYPE_ASN1;
- if (crl->monitors[1].path == NULL)
- ret = MEMORY_E;
- }
-
- if (monitor & CYASSL_CRL_START_MON) {
- CYASSL_MSG("start monitoring requested");
-
- ret = StartMonitorCRL(crl);
- }
- }
-
- closedir(dir);
- return ret;
- }
- #endif /* HAVE_CRL */
|