Address review comments from @cordney

Primarily doc updates but also expose some more logic in PKIX namespace,
overall_status and merge_revocation_status. This allows calling more or less all
of the logic used by the monolitic x509_path_validate in any way needed by an
application.

Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr

Add optional Certificate_Store_In_Memory* pointer to check_crl_online,
valid CRLs are saved there.

1 files changed, 10 insertions, 4 deletions

diff --git a/src/lib/x509/certstor.cpp b/src/lib/x509/certstor.cpp
index 51abf640a..1f7275675 100644
--- a/src/lib/x509/certstor.cpp
+++ b/src/lib/x509/certstor.cpp
@@ -89,21 +89,27 @@ Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<byte>& k
 
 void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
    {
-   X509_DN crl_issuer = crl.issuer_dn();
+   std::shared_ptr<const X509_CRL> crl_s = std::make_shared<const X509_CRL>(crl);
+   return add_crl(crl_s);
+   }
+
+void Certificate_Store_In_Memory::add_crl(std::shared_ptr<const X509_CRL> crl)
+   {
+   X509_DN crl_issuer = crl->issuer_dn();
 
    for(size_t i = 0; i != m_crls.size(); ++i)
       {
       // Found an update of a previously existing one; replace it
       if(m_crls[i]->issuer_dn() == crl_issuer)
          {
-         if(m_crls[i]->this_update() <= crl.this_update())
-            m_crls[i] = std::make_shared<X509_CRL>(crl);
+         if(m_crls[i]->this_update() <= crl->this_update())
+            m_crls[i] = crl;
          return;
          }
       }
 
    // Totally new CRL, add to the list
-   m_crls.push_back(std::make_shared<X509_CRL>(crl));
+   m_crls.push_back(crl);
    }
 
 std::shared_ptr<const X509_CRL> Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const