Enhance management of certificates rejected by the PKI
PKI API, file src/Common/crypto/lib_dep/mbedtls/pki_mbedtls.c
:
- We should delete the rejected certificate once it is added as trusted / accepted.
- The
bAppendRejectCert
field inSOPC_PKI_Profile
should be removed as it is not used. -
SOPC_PKIProvider_AddCertToRejectedList
should be updated to add a rejected certificate only if it is not already included in the list. This would simplify theSOPC_PKIProvider_CopyRejectedList
function (its processing would only make a copy) - The function
SOPC_PKIProvider_WriteRejectedCertToStore
should be reworked to replace the old rejected files in the store with the current certificates. Indeed, the internal buffer storing the current rejected certificates is circular (a kind of ring buffer) and its contents is always up to date.
Edited by Vincent Monfort