
Commit 8117569

lealem47danielinux
authored andcommitted
Adding CRL support
1 parent 33aced7 commit 8117569

4 files changed

Lines changed: 84 additions & 1 deletion


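--- a/certs/crl.pem
+++ b/certs/crl.pem
@@ -0,0 +1,41 @@
+Certificate Revocation List (CRL):
+Version 2 (0x1)
+Signature Algorithm: sha256WithRSAEncryption
+Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+Last Update: Feb 15 12:50:27 2022 GMT
+Next Update: Nov 11 12:50:27 2024 GMT
+CRL extensions:
+X509v3 CRL Number:
+2
+Revoked Certificates:
+Serial Number: 02
+Revocation Date: Feb 15 12:50:27 2022 GMT
+Signature Algorithm: sha256WithRSAEncryption
+43:e6:3b:30:0e:32:53:32:a4:08:3c:e5:d5:2e:f1:ce:e9:95:
+ff:ba:d6:fe:2e:59:80:f8:0a:2f:cf:1e:e0:37:fe:ca:cc:33:
+66:8b:ed:65:50:7d:44:92:d3:5c:52:9a:95:a5:9d:a5:4e:77:
+8b:b4:7f:59:c8:7a:e0:eb:34:32:ae:a1:03:99:d2:3c:c0:f4:
+7e:1c:87:4c:6c:5a:ba:0a:95:e8:a1:44:01:7b:8f:3e:a4:e3:
+e8:1e:07:19:f0:09:7a:85:8f:f3:82:62:f8:1e:08:51:a3:60:
+30:5b:06:c8:a2:b3:ff:aa:28:66:ad:fe:4b:81:49:30:ef:5f:
+5d:ac:d9:ad:17:9f:2a:b6:22:d6:35:cc:9f:d9:11:26:dd:7a:
+06:35:d0:d5:c7:41:6c:52:97:8c:aa:82:5a:e5:a8:58:d4:b7:
+2b:31:84:34:15:bd:08:e4:9e:71:9e:c5:40:f8:02:a3:a0:1e:
+4f:98:72:2b:eb:9e:8a:4e:01:83:88:e5:cb:6e:3b:52:e3:a9:
+34:a1:7c:e4:79:2c:d1:e0:0b:74:22:ba:6d:cb:c3:a1:56:f9:
+c9:f4:20:bf:00:49:df:6b:59:49:18:c7:75:27:8e:a1:5a:a6:
+ff:f2:be:34:4a:c9:6d:6e:24:a3:1f:15:7e:34:90:b6:81:bf:
+15:80:c3:ac
+-----BEGIN X509 CRL-----
+MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
+MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIyMDIxNTEyNTAyN1oX
+DTI0MTExMTEyNTAyN1owFDASAgECFw0yMjAyMTUxMjUwMjdaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAQ+Y7MA4yUzKkCDzl1S7xzumV/7rW/i5Z
+gPgKL88e4Df+yswzZovtZVB9RJLTXFKalaWdpU53i7R/Wch64Os0Mq6hA5nSPMD0
+fhyHTGxaugqV6KFEAXuPPqTj6B4HGfAJeoWP84Ji+B4IUaNgMFsGyKKz/6ooZq3+
+S4FJMO9fXazZrRefKrYi1jXMn9kRJt16BjXQ1cdBbFKXjKqCWuWoWNS3KzGENBW9
+COSecZ7FQPgCo6AeT5hyK+ueik4Bg4jly247UuOpNKF85Hks0eALdCK6bcvDoVb5
+yfQgvwBJ32tZSRjHdSeOoVqm//K+NErJbW4kox8VfjSQtoG/FYDDrA==
+-----END X509 CRL-----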

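--- a/examples/client.py
+++ b/examples/client.py
@@ -89,6 +89,17 @@ def build_arg_parser():
         help="Send server HTTP GET"
     )
 
+    parser.add_argument(
+        "-C", action="store_true",
+        help="Disable CRL"
+    )
+
+    parser.add_argument(
+        "-r", metavar="crl_file", default="./certs/crl.pem",
+        help="CRL file, default ./certs/crl.pem"
+    )
+
+
     return parser
 
 
@@ -126,7 +137,11 @@ def main():
 
     try:
         secure_socket = context.wrap_socket(bind_socket)
-
+
+        if not args.C:
+            secure_socket.enable_crl(1)
+            secure_socket.load_crl_file(args.r, 1);
+
         secure_socket.connect((args.h, args.p))
 
         if args.g: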

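--- a/wolfssl/__init__.py
+++ b/wolfssl/__init__.py
@@ -515,6 +515,28 @@ def use_sni(self, server_hostname):
         if ret != _SSL_SUCCESS:
             raise SSLError("Unable to set wolfSSL SNI")
 
+    def enable_crl(self, options):
+        """
+        Enables CRL certificate revocation
+        """
+
+        ret = _lib.wolfSSL_EnableCRL(self.native_object, options)
+
+        if ret != _SSL_SUCCESS:
+            raise SSLError("Unable to enable CRL ")
+
+    def load_crl_file(self, path, filetype):
+        """
+        Load CRL certificate revocation
+        """
+
+        ret = _lib.wolfSSL_LoadCRLFile(self.native_object,
+                                       t2b(path) if path else _ffi.NULL,
+                                       filetype)
+
+        if ret != _SSL_SUCCESS:
+            raise SSLError("Unable to load CRL")
+
     def write(self, data):
         """
         Write DATA to the underlying secure channel.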

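--- a/wolfssl/_build_ffi.py
+++ b/wolfssl/_build_ffi.py
@@ -156,6 +156,9 @@ def make_flags(prefix, debug):
     # tls 1.3
     flags.append("--enable-tls13")
 
+    # crl
+    flags.append("--enable-crl")
+
     # for urllib3 - requires SNI (tlsx), options (openssl compat), peer cert
     flags.append("--enable-tlsx")
     flags.append("--enable-opensslextra")
@@ -448,6 +451,8 @@ def generate_libwolfssl():
     int wolfSSL_set_tlsext_host_name(WOLFSSL*, const char*);
     long wolfSSL_ctrl(WOLFSSL*, int, long, void*);
     void wolfSSL_set_connect_state(WOLFSSL*);
+    int wolfSSL_EnableCRL(WOLFSSL*, int);
+    int wolfSSL_LoadCRLFile(WOLFSSL*, const char*, int);
 
     /**
      * WOLFSSL_X509 functions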
