wininet: Don't perform revocation checks when verifying a certificate.
Juan Lang
juan.lang at gmail.com
Wed Dec 12 11:28:42 CST 2012
On Wed, Dec 12, 2012 at 12:32 AM, Hans Leidekker <hans at codeweavers.com>wrote:
> On Tue, 2012-12-11 at 12:59 -0800, Juan Lang wrote:
> > Getting the client to trust the server cert can be as easy as ignoring
> untrusted
> > root errors, if you don't think this impacts the revocation results.
> >
> > Returning revocation is straightforward enough, assuming you have a
> server under
> > your control.
>
> So self-sign the CRL too. I guess that might work if ignoring untrusted
> root
> errors extends to verification of the CRL.
>
> Actually, I was thinking a 2-certificate chain, with the root signing the
CRL. I don't think a cert that revokes itself has a lot of meaning.
--Juan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20121212/12cd9dbc/attachment.html>
More information about the wine-devel
mailing list