Module: wine Branch: master Commit: 56d4a3c3924917253b401c6c2920a932072f0bee URL: http://source.winehq.org/git/wine.git/?a=commit;h=56d4a3c3924917253b401c6c29...
Author: Juan Lang juan.lang@gmail.com Date: Thu Sep 6 10:01:47 2007 -0700
crypt32: Don't ask CertGetIssuerCertificateFromStore to verify revocation status, it almost certainly doesn't do what we want.
---
dlls/crypt32/chain.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index b8bb0df..4cf74a6 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -258,7 +258,7 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain) static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store, PCCERT_CONTEXT cert, PDWORD pdwFlags) { - *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; + *pdwFlags = CERT_STORE_SIGNATURE_FLAG; return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags); }
@@ -509,6 +509,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine, rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED; CRYPT_CheckRootCert(engine->hRoot, rootElement); } + /* FIXME: check revocation of every cert with CertVerifyRevocation */ CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus); }