Update x509_certs_verify to check crl

include/gmssl/version.h

@@ -18,7 +18,7 @@ extern "C" {
 
 
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1101"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1102"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);

include/gmssl/x509_cer.h

@@ -380,9 +380,13 @@ typedef enum {
 //int x509_cert_chain_verify(const uint8_t *certs, size_t certslen,
 //	const uint8_t *cacerts, size_t cacertslen, int depth, int *verify_result);
 int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
-	const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
+	const uint8_t *rootcerts, size_t rootcertslen,
+	const uint8_t *crl, size_t crl_len,
+	int depth, int *verify_result);
 int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen, int certs_type,
-	const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
+	const uint8_t *rootcerts, size_t rootcertslen,
+	const uint8_t *crl, size_t crl_len,
+	int depth, int *verify_result);
 int x509_certs_check_name_constraints(const uint8_t *cert_chain, size_t cert_chain_len,
 	const uint8_t *rootcacert, size_t rootcacertlen);
 int x509_certs_check_basic_constraints(const uint8_t *cert_chain, size_t cert_chain_len,

include/gmssl/x509_crl.h

@@ -295,6 +295,8 @@ int x509_crl_get_revoked_certs(const uint8_t *a, size_t alen, const uint8_t **d,
 int x509_crl_find_revoked_cert_by_serial_number(const uint8_t *a, size_t alen,
 	const uint8_t *serial, size_t serial_len, time_t *revoke_date,
 	const uint8_t **entry_exts, size_t *entry_exts_len);
+int x509_cert_is_revoked_by_crl(const uint8_t *cert, size_t certlen,
+	const uint8_t *crl, size_t crl_len);
 
 int x509_crls_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);