Module: wine Branch: master Commit: 60ddb1365d77f0ac982b2a2e7e913c8dc40e4d26 URL: http://source.winehq.org/git/wine.git/?a=commit;h=60ddb1365d77f0ac982b2a2e7e...
Author: Juan Lang juan.lang@gmail.com Date: Mon Nov 30 11:02:50 2009 -0800
cryptnet: If the caller specifies the location of a CRL, check a cert's revocation status against it.
---
dlls/cryptnet/cryptnet_main.c | 30 ++++++++++++++++++++++++++++-- 1 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c index 8d6dd8f..9e29daa 100644 --- a/dlls/cryptnet/cryptnet_main.c +++ b/dlls/cryptnet/cryptnet_main.c @@ -1582,8 +1582,34 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index, 0, NULL, &cbUrlArray, NULL, NULL, NULL); if (!ret && GetLastError() == CRYPT_E_NOT_FOUND) { - error = CRYPT_E_NO_REVOCATION_CHECK; - pRevStatus->dwIndex = index; + if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert) + { + PCCRL_CONTEXT crl; + + /* If the caller was helpful enough to tell us where to find a CRL + * for the cert, look for one and check it. + */ + crl = CertFindCRLInStore(pRevPara->hCrlStore, + cert->dwCertEncodingType, + CRL_FIND_ISSUED_BY_SIGNATURE_FLAG | CRL_FIND_ISSUED_BY_AKI_FLAG, + CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL); + if (crl) + { + error = verify_cert_revocation_with_crl(cert, crl, index, + pTime, pRevStatus); + CertFreeCRLContext(crl); + } + else + { + error = CRYPT_E_NO_REVOCATION_CHECK; + pRevStatus->dwIndex = index; + } + } + else + { + error = CRYPT_E_NO_REVOCATION_CHECK; + pRevStatus->dwIndex = index; + } } else if (ret) {