From 9ea664c77c6114b4f49c73f602cdbc73c2e6a346 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Thu, 19 Jan 2006 18:14:38 +0000
Subject: [PATCH] (hx509_context_set_missing_crl): new function
Add CRL handling.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16613 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cert.c | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c
index 1fba2f291..9e69401ac 100644
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -109,6 +109,15 @@ hx509_context_init(hx509_context *context)
 return 0;
 }
+void
+hx509_context_set_missing_crl(hx509_context context, int flag)
+{
+ if (flag)
+ context->flags |= HX509_CTX_CRL_MISSING_OK;
+ else
+ context->flags &= ~HX509_CTX_CRL_MISSING_OK;
+}
+
 void
 hx509_context_free(hx509_context *context)
 {
@@ -251,11 +260,6 @@ hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
 void
 hx509_verify_destroy_ctx(hx509_verify_ctx ctx)
 {
- if (ctx->trust_anchors)
- hx509_certs_free(&ctx->trust_anchors);
- if (ctx->revoke_ctx)
- hx509_revoke_free(&ctx->revoke_ctx);
-
 memset(ctx, 0, sizeof(*ctx));
 free(ctx);
 }
@@ -263,16 +267,12 @@ hx509_verify_destroy_ctx(hx509_verify_ctx ctx)
 void
 hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set)
 {
- if (ctx->trust_anchors)
- hx509_certs_free(&ctx->trust_anchors);
 ctx->trust_anchors = set;
 }
 void
 hx509_verify_attach_revoke(hx509_verify_ctx ctx, hx509_revoke_ctx revoke)
 {
- if (ctx->revoke_ctx)
- hx509_revoke_free(&ctx->revoke_ctx);
 ctx->revoke_ctx = revoke;
 }
 
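Review bot: The new public function `hx509_context_set_missing_crl` carries no comment saying what `HX509_CTX_CRL_MISSING_OK` changes, and a toggle whose name suggests "a missing CRL is acceptable" is a fail-open switch that callers must be able to evaluate without reading the revocation code. The hunk only sets or clears the bit; where it is consumed is not visible here, so the comment should be written from what the checking side actually does with it. I would add above the definition: `/* flag != 0: set HX509_CTX_CRL_MISSING_OK so that verification does not fail merely because no CRL is available for a certificate (weakens revocation checking); flag == 0: clear it. Check hx509_revoke_verify for the exact effect. */`.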
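Review bot: Dropping the `hx509_certs_free` and `hx509_revoke_free` calls from `hx509_verify_destroy_ctx` moves ownership of `trust_anchors` and `revoke_ctx` to the caller, and nothing in the function records that, so a caller written against the previous behaviour now leaks both objects (and one that already freed them was double-freeing before this change). The intent should be stated at the top of the function, for example `/* trust_anchors and revoke_ctx are borrowed (see hx509_verify_attach_*); the caller owns and frees them. */`. The `memset` before `free` is kept, which at least clears the now-borrowed pointers from the freed block.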
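Review bot: `hx509_verify_attach_anchors` and `hx509_verify_attach_revoke` now overwrite a previously attached object without freeing it, so attaching twice to the same ctx leaks the first object unless the caller still holds its own handle, and nothing in the hunk tells the caller that it must. Each function needs a short contract comment, e.g. on the anchors one `/* The verify ctx only borrows set: the caller must keep it alive until the ctx is destroyed (or another set is attached) and free it afterwards. */`, with the same wording for `revoke` on the other. If the old free-on-reattach behaviour was relied on by any caller in the tree, that caller now needs to free the previous object itself.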
@@ -1191,12 +1191,22 @@ hx509_verify_path(hx509_context context,
 }
 /*
- * Verify no certificates has been revoked.
+ * Verify that no certificates has been revoked.
 */
 if (ctx->revoke_ctx) {
- for (i = path.len - 1; i >= 0; i--) {
- ret = hx509_revoke_verify(context, ctx->revoke_ctx, ctx->time_now,
+ hx509_certs cacerts;
+
+ ret = hx509_certs_init(context, "MEMORY:cacerts", 0, NULL, &cacerts);
+
+ for (i = 0; i < path.len; i++)
+ hx509_certs_add(context, cacerts, path.val[i]);
+
+ for (i = 0; i < path.len; i++) {
+ ret = hx509_revoke_verify(context,
+ ctx->revoke_ctx,
+ cacerts,
+ ctx->time_now,
 path.val[i]);
 if (ret)
 goto out;