Clarify documentation about missing CRLs
Also tune up some wording while at it.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6dc5ad3..0606eb9 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1600,7 +1600,8 @@
}
/*
- * Check that the given certificate is valid according to the CRL.
+ * Check that the given certificate is not revoked according to the CRL.
+ * Skip validation is no CRL for the given CA is present.
*/
static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
mbedtls_x509_crl *crl_list,
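Review bot: The added comment line `Skip validation is no CRL for the given CA is present.` has a typo; the first `is` should be `if`. The comment also does not say what a skipped check means for the result. Judging from the comment and the TODO removed in the next hunk, a missing CRL appears to leave the flags unchanged, so the certificate is accepted as not revoked. I would state that outcome directly, for example `* If no CRL for the given CA is present, revocation is not checked and the certificate is treated as not revoked.` It would also help to add that callers who require revocation enforcement must supply a CRL for each CA. The body of x509_crt_verifycrl continues outside this hunk, so the exact behaviour should be confirmed against the loop.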
@@ -1613,12 +1614,6 @@
if( ca == NULL )
return( flags );
- /*
- * TODO: What happens if no CRL is present?
- * Suggestion: Revocation state should be unknown if no CRL is present.
- * For backwards compatibility this is not yet implemented.
- */
-
while( crl_list != NULL )
{
if( crl_list->version == 0 ||