From: Hans Leidekker hans@codeweavers.com
Paves the way for falling back from OCSP to online CRL verification. It's not clear if a cache is needed for OCSP responses, or if the wininet cache wouldn't be sufficient.
---
 dlls/cryptnet/cryptnet_main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index b066821a431..cd06c4a3008 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1696,6 +1696,9 @@ static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *
 return CRYPT_E_REVOCATION_OFFLINE;
 }
+ if (find_cached_revocation_status(&cert->pCertInfo->SerialNumber, time, status))
+ return status->dwError;
+
 if (!CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &url_array_size, NULL, NULL))
 return GetLastError();
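Review bot: The cache lookup added below the CRYPT_E_REVOCATION_OFFLINE guard is keyed on `&cert->pCertInfo->SerialNumber` alone, and a serial number is unique only within one issuer, so an entry stored for another CA's certificate with the same serial could be returned here as this certificate's status. Whether `find_cached_revocation_status` scopes its entries by issuer in some other way is not visible in this hunk; if it does not, the key should also cover the issuer (a hash of the issuer name or issuer key) so that a cached "not revoked" result cannot cross CAs. Because the lookup now sits after the early return above it, callers that hit that guard no longer receive a cached answer; if that is intended, a comment such as `/* cached status is consulted only once the CRL path is usable */` would record it. The function body starts and ends outside the hunk, so the guard's condition could not be checked.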
@@ -2143,9 +2146,6 @@ static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
 DWORD error = ERROR_SUCCESS;
 PCERT_EXTENSION ext;
- if (find_cached_revocation_status(&cert->pCertInfo->SerialNumber, pTime, pRevStatus))
- return pRevStatus->dwError;
-
 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
 {
 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);