commit 8880cb52f7477d618d9885a14eafce299f12eace
author Paul Bakker <p.j.bakker@polarssl.org> Thu Jun 12 23:22:26 2014 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Thu Jun 12 23:22:26 2014 +0200
tree 756faae342c76ef718dfc1bad8d228c6f67337e3
parent 9b7fb6f68ef3a05e00abc671ff1937194aa4c4d1

Handle missing CRL parsing gracefully

programs/x509/cert_app.c

diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index e558da2..6023cde 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -175,7 +175,13 @@
     server_fd = 0;
     x509_crt_init( &cacert );
     x509_crt_init( &clicert );
+#if defined(POLARSSL_X509_CRL_PARSE_C)
     x509_crl_init( &cacrl );
+#else
+    /* Zeroize structure as CRL parsing is not supported and we have to pass
+       it to the verify function */
+    memset( &cacrl, 0, sizeof(x509_crl) );
+#endif
     pk_init( &pkey );
 
     if( argc == 0 )
@@ -274,17 +280,18 @@
 
     printf( " ok (%d skipped)\n", ret );
 
+#if defined(POLARSSL_X509_CRL_PARSE_C)
     if( strlen( opt.crl_file ) )
     {
-        ret = x509_crl_parse_file( &cacrl, opt.crl_file );
+        if( ( ret = x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
+        {
+            printf( " failed\n  !  x509_crl_parse returned -0x%x\n\n", -ret );
+            goto exit;
+        }
+
         verify = 1;
     }
-
-    if( ret < 0 )
-    {
-        printf( " failed\n  !  x509_crl_parse returned -0x%x\n\n", -ret );
-        goto exit;
-    }
+#endif
 
     if( opt.mode == MODE_FILE )
     {
@@ -473,7 +480,9 @@
         net_close( server_fd );
     x509_crt_free( &cacert );
     x509_crt_free( &clicert );
+#if defined(POLARSSL_X509_CRL_PARSE_C)
     x509_crl_free( &cacrl );
+#endif
     pk_free( &pkey );
     entropy_free( &entropy );