Always revoke certificate on CRL

RFC5280 does not state that the `revocationDate` should be checked. In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all. https://tools.ietf.org/html/rfc5280 Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-06-15 17:03:13 +02:00 · 2020-06-15 17:03:13 +02:00 · a4e86141f1
commit a4e86141f1
parent c60c30eb68
9 changed files with 66 additions and 4 deletions
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -1500,6 +1500,16 @@ component_test_null_entropy () {
    make test
 }

+component_test_no_date_time () {
+    msg "build: default config without MBEDTLS_HAVE_TIME_DATE"
+    scripts/config.py unset MBEDTLS_HAVE_TIME_DATE
+    CC=gcc cmake
+    make
+
+    msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites"
+    make test
+}
+
 component_test_platform_calloc_macro () {
    msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
    scripts/config.py set MBEDTLS_PLATFORM_MEMORY