github/open62541
7
0
Fork 0
mirror of https://github.com/open62541/open62541.git synced 2025-06-03 04:00:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(plugins): Disable revocation lists checks in ua_pki_openssl.c if zero crl are loaded

Browse Source 
Avoid breakage for users of the 1.3 release family but still log a warning.
This commit is contained in:
Julius Pfrommer 2024-11-23 20:17:58 +01:00 committed by Julius Pfrommer
parent efbaac086e
commit 68142484a3
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
plugins/crypto/openssl/ua_pki_openssl.c
View File

@ -503,6 +503,13 @@ openSSLCheckRevoked(CertContext *ctx, X509 *cert) {
const X509_NAME *in = X509_get_issuer_name(cert);
int size = sk_X509_CRL_num(ctx->skCrls);
if(size == 0) {
UA_LOG_WARNING(UA_Log_Stdout, UA_LOGCATEGORY_SECURITYPOLICY,
"Zero revocation lists have been loaded. "
"This seems intentional - omitting the check.");
return UA_STATUSCODE_GOOD;
}
/* Loop over the crl and match the Issuer Name */
UA_StatusCode res = UA_STATUSCODE_BADCERTIFICATEREVOCATIONUNKNOWN;
for(int i = 0; i < size; i++) {