- Added CRL revocation support to x509parse_verify()

- Fixed an off-by-one allocation in ssl_set_hostname()
 - Added CRL support to SSL/TLS code

include/polarssl/ssl.h

@@ -235,6 +235,7 @@ struct _ssl_context
     rsa_context *rsa_key;               /*!<  own RSA private key     */
     x509_cert *own_cert;                /*!<  own X.509 certificate   */
     x509_cert *ca_chain;                /*!<  own trusted CA chain    */
+    x509_crl *ca_crl;                   /*!<  trusted CA CRLs         */
     x509_cert *peer_cert;               /*!<  peer X.509 cert chain   */
     char *peer_cn;                      /*!<  expected peer CN        */
 
@@ -389,12 +390,13 @@ void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
  *
  * \param ssl      SSL context
  * \param ca_chain trusted CA chain
+ * \param ca_crl   trusted CA CRLs
  * \param peer_cn  expected peer CommonName (or NULL)
  *
  * \note           TODO: add two more parameters: depth and crl
  */
 void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
-                       char *peer_cn );
+                       x509_crl *ca_crl, char *peer_cn );
 
 /**
  * \brief          Set own certificate and private key