Hi,
I have an issue with a certificate being reported as revoked, and I am not sure of the reason. The certificates have not expired, and the code is below.
The certificates pass verification for a while, then suddenly fail verification with the REVOKED error.
Have you seen this situation before? And how does it happen?
Sincerely,
Ben N
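/**
 * Verify a client certificate against a CA certificate and a CRL.
 *
 * Calls mbedtls_x509_crt_verify() and, when it reports
 * MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, logs one message per verification
 * flag that is set. Any other error code is logged with its numeric value.
 *
 * @param clicert  certificate (chain) to verify
 * @param cacert   trusted CA certificate(s)
 * @param crl      revocation list checked during verification
 * @return 0 when verification succeeds, otherwise the error code returned
 *         by mbedtls_x509_crt_verify().
 */
int VerifyCertWithCaCertificate (mbedtls_x509_crt *clicert,
                                 mbedtls_x509_crt *cacert,
                                 mbedtls_x509_crl *crl)
{
    int ret;
    /* Start from a known value so the flag tests below never read garbage
     * if the library returns before writing the flags. */
    uint32_t flags = 0;

    LogMessage (" . Verify the client certificate with CA certificate...");

    /* The expected-name argument is NULL, so no CN/hostname comparison is
     * requested; only chain, validity period and CRL checks apply here. */
    ret = mbedtls_x509_crt_verify (clicert, cacert, crl, NULL, &flags, NULL, NULL);

    if (ret == 0)
    {
        /* Only report success when verification actually succeeded. */
        LogMessage(" ok");
        return 0;
    }

    if (ret != MBEDTLS_ERR_X509_CERT_VERIFY_FAILED)
    {
        /* Parsing, allocation or other non-verification failure. */
        LogMessageArg(" failed\n ! to verify certificate with CA : ", ret);
        return ret;
    }

    if (0 != (flags & MBEDTLS_X509_BADCERT_CN_MISMATCH)) { LogMessage (" CN_MISMATCH "); }
    if (0 != (flags & MBEDTLS_X509_BADCERT_EXPIRED))     { LogMessage (" EXPIRED "); }
    /* NOTE(review): REVOKED is decided from the CRL passed in as `crl`. When
     * it appears unexpectedly, compare the certificate's serial number with
     * the CRL entries (and their revocation dates) and check the system
     * clock - confirm the exact rule against the mbedtls version in use. */
    if (0 != (flags & MBEDTLS_X509_BADCERT_REVOKED))     { LogMessage (" REVOKED "); }
    if (0 != (flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED)) { LogMessage (" NOT_TRUSTED "); }
    if (0 != (flags & MBEDTLS_X509_BADCERT_FUTURE))      { LogMessage (" SYSTEM_TIME_INFUTURE "); }
    if (0 != (flags & MBEDTLS_X509_BADCRL_NOT_TRUSTED))  { LogMessage (" CRL_NOT_TRUSTED "); }
    if (0 != (flags & MBEDTLS_X509_BADCRL_EXPIRED))      { LogMessage (" CRL_EXPIRED "); }

    /* Log the raw mask as well, so a bit that is not named above is still
     * visible when diagnosing a failure. */
    LogMessageArg(" verify flags : ", (int) flags);

    return ret;
}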