crypt32(14/17): Don't ask CertGetIssuerCertificateFromStore to
verify revocation status,
it almost certainly doesn't do what we want
Juan Lang
juan.lang at gmail.com
Thu Sep 6 12:09:36 CDT 2007
--Juan
-------------- next part --------------
From 056a49aee685326f59fdbc633db24307bac771c8 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang at gmail.com>
Date: Thu, 6 Sep 2007 10:01:47 -0700
Subject: [PATCH] Don't ask CertGetIssuerCertificateFromStore to verify revocation status, it
almost certainly doesn't do what we want
---
dlls/crypt32/chain.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index b8bb0df..4cf74a6 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -258,7 +258,7 @@ static inline BOOL CRYPT_IsSimpleChainCy
static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
PCCERT_CONTEXT cert, PDWORD pdwFlags)
{
- *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+ *pdwFlags = CERT_STORE_SIGNATURE_FLAG;
return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
}
@@ -509,6 +509,7 @@ static void CRYPT_CheckSimpleChain(PCert
rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED;
CRYPT_CheckRootCert(engine->hRoot, rootElement);
}
+ /* FIXME: check revocation of every cert with CertVerifyRevocation */
CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
}
--
1.4.1
More information about the wine-patches
mailing list