From 8880cb52f7477d618d9885a14eafce299f12eace Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Thu, 12 Jun 2014 23:22:26 +0200
Subject: [PATCH] Handle missing CRL parsing gracefully
---
 programs/x509/cert_app.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index e558da271..6023cde10 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -175,7 +175,13 @@ int main( int argc, char *argv[] )
 server_fd = 0;
 x509_crt_init( &cacert );
 x509_crt_init( &clicert );
+#if defined(POLARSSL_X509_CRL_PARSE_C)
 x509_crl_init( &cacrl );
+#else
+ /* Zeroize structure as CRL parsing is not supported and we have to pass
+ it to the verify function */
+ memset( &cacrl, 0, sizeof(x509_crl) );
+#endif
 pk_init( &pkey );
 if( argc == 0 )
@@ -274,17 +280,18 @@ int main( int argc, char *argv[] )
 printf( " ok (%d skipped)\n", ret );
+#if defined(POLARSSL_X509_CRL_PARSE_C)
 if( strlen( opt.crl_file ) )
 {
- ret = x509_crl_parse_file( &cacrl, opt.crl_file );
+ if( ( ret = x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
+ {
+ printf( " failed\n ! x509_crl_parse returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ verify = 1;
 }
-
- if( ret < 0 )
- {
- printf( " failed\n ! x509_crl_parse returned -0x%x\n\n", -ret );
- goto exit;
- }
+#endif
 if( opt.mode == MODE_FILE )
 {
@@ -473,7 +480,9 @@ exit:
 net_close( server_fd );
 x509_crt_free( &cacert );
 x509_crt_free( &clicert );
+#if defined(POLARSSL_X509_CRL_PARSE_C)
 x509_crl_free( &cacrl );
+#endif
 pk_free( &pkey );
 entropy_free( &entropy );
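Review bot: The fallback `memset` in the `#else` branch sizes the clear by type name; `memset( &cacrl, 0, sizeof( cacrl ) );` keeps the size tied to the object if its declaration ever changes. The comment above it should also state the consequence for anyone reading the tool's output: presumably the verify function treats an all-zero `x509_crl` as an empty list, so in builds without `POLARSSL_X509_CRL_PARSE_C` no certificate is ever rejected as revoked. Suggested wording: `/* CRL parsing is not compiled in: pass a zeroed (empty) CRL to verify; no revocation checking is performed */`. The body of `main` starts and continues outside the hunk.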
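Review bot: With `POLARSSL_X509_CRL_PARSE_C` undefined, the whole `opt.crl_file` block guarded by the new `#if` disappears, so a `crl_file` supplied by the user is silently ignored and `verify = 1` is never set on that path. Someone running the tool to check a certificate against a CRL then gets a result that was produced without any revocation data and without any indication of that. I would add an `#else` branch that refuses a non-empty `opt.crl_file` with a clear message, so the tool fails closed instead of silently skipping the check. The `exit:` label and the value `main` finally returns are outside the hunk, so the `ret` value below is a suggestion to be aligned with the file's convention.

```c
#if defined(POLARSSL_X509_CRL_PARSE_C)
    /* … unchanged: parse opt.crl_file, report failure, set verify … */
#else
    if( strlen( opt.crl_file ) )
    {
        /* A CRL was requested but this build cannot parse one:
           refuse instead of verifying without revocation data */
        printf( "  ! crl_file given but CRL parsing is not compiled in\n\n" );
        ret = 1;
        goto exit;
    }
#endif
```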