From: Hans Leidekker hans@codeweavers.com
--- dlls/cryptnet/cryptnet_main.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index ac282f5aa82..b066821a431 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1690,6 +1690,12 @@ static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *
 const CRL_CONTEXT *crl;
 DWORD timeout = 0;
+ if (!params || !params->pIssuerCert)
+ {
+ TRACE("no issuer certificate\n");
+ return CRYPT_E_REVOCATION_OFFLINE;
+ }
+
 if (!CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &url_array_size, NULL, NULL))
 return GetLastError();
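Review bot: The new guard at the top of verify_cert_revocation_from_dist_points_ext maps a missing `params` or `pIssuerCert` to `CRYPT_E_REVOCATION_OFFLINE`, the same code a caller would see for an unreachable CRL server, and records it only with `TRACE`. A caller that tolerates offline results (none is visible in this hunk) would then accept the certificate although no revocation check ran. The choice of error code deserves a comment above the guard, for example `/* presumably the CRL cannot be validated without its issuer: report as offline, never as success */`. Logging with `WARN("no issuer certificate\n");` would also separate this degraded path from routine tracing. The function body continues outside the hunk.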
From: Hans Leidekker hans@codeweavers.com
Paves the way for falling back from OCSP to online CRL verification. It's not clear if a cache is needed for OCSP responses, or if the wininet cache wouldn't be sufficient. --- dlls/cryptnet/cryptnet_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index b066821a431..cd06c4a3008 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1696,6 +1696,9 @@ static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *
 return CRYPT_E_REVOCATION_OFFLINE;
 }
+ if (find_cached_revocation_status(&cert->pCertInfo->SerialNumber, time, status))
+ return status->dwError;
+
 if (!CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &url_array_size, NULL, NULL))
 return GetLastError();
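Review bot: The cache lookup is added below the `!params || !params->pIssuerCert` guard, so a certificate whose cached status is `CRYPT_E_REVOKED` now yields `CRYPT_E_REVOCATION_OFFLINE` whenever the caller passes no issuer; before this commit the lookup in verify_cert_revocation ran first. Since the lookup takes only `cert`, `time` and `status`, it can be moved above the guard so that a known revocation is never downgraded. The call also passes only `&cert->pCertInfo->SerialNumber` as the key; serial numbers are unique per issuer only, so if find_cached_revocation_status (not shown here) compares nothing else, the cache should be keyed on issuer plus serial. The function body continues outside the hunk.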
@@ -2143,9 +2146,6 @@ static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
 DWORD error = ERROR_SUCCESS;
 PCERT_EXTENSION ext;
- if (find_cached_revocation_status(&cert->pCertInfo->SerialNumber, pTime, pRevStatus))
- return pRevStatus->dwError;
-
 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
 {
 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);
From: Hans Leidekker hans@codeweavers.com
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53136 Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53138 --- dlls/cryptnet/cryptnet_main.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index cd06c4a3008..19de1ed2d8e 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -2149,12 +2149,16 @@ static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
 {
 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);
+ TRACE("verify_cert_revocation_from_aia_ext() returned %08lx\n", error);
+ if (error == ERROR_SUCCESS || error == CRYPT_E_REVOKED) return error;
 }
- else if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+ if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
 {
 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);
+ TRACE("verify_cert_revocation_from_dist_points_ext() returned %08lx\n", error);
+ if (error == ERROR_SUCCESS || error == CRYPT_E_REVOKED) return error;
 }
- else
+ if (!ext)
 {
 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
 {
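Review bot: `if (!ext)` now reflects only the `szOID_CRL_DIST_POINTS` lookup, because `ext` is reassigned by the second `CertFindExtension` call. The local-CRL-store branch is therefore entered for a certificate that has an AIA extension whose check failed but no distribution points, which the old `else` chain did not do. If that is intended, say so with a comment such as `/* no CRL distribution points: try the caller's CRL store, even after a failed AIA check */`, or track it with a separate flag instead of reusing `ext`. Also, when both online methods fail, the value left in `error` after the second block is the one from the distribution-point path, so the AIA failure reason survives only in the trace. The enclosing function begins and ends outside the hunk.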