Juan Lang : crypt32: Don't ask CertGetIssuerCertificateFromStore to verify revocation status, it almost certainly doesn't do what we want.

Alexandre Julliard julliard at wine.codeweavers.com
Mon Sep 10 10:18:01 CDT 2007


Module: wine
Branch: master
Commit: 56d4a3c3924917253b401c6c2920a932072f0bee
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=56d4a3c3924917253b401c6c2920a932072f0bee

Author: Juan Lang <juan.lang at gmail.com>
Date:   Thu Sep  6 10:01:47 2007 -0700

crypt32: Don't ask CertGetIssuerCertificateFromStore to verify revocation status, it almost certainly doesn't do what we want.

---

 dlls/crypt32/chain.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index b8bb0df..4cf74a6 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -258,7 +258,7 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
 static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
  PCCERT_CONTEXT cert, PDWORD pdwFlags)
 {
-    *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+    *pdwFlags = CERT_STORE_SIGNATURE_FLAG;
     return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
 }
 
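Review bot: The assignment `*pdwFlags = CERT_STORE_SIGNATURE_FLAG;` in CRYPT_GetIssuerFromStore carries no comment saying why revocation is left out, so a later reader could restore CERT_STORE_REVOCATION_FLAG as an apparent omission. A one-line comment at the assignment, stating that revocation is intentionally not requested here and is deferred to the chain check (where the FIXME in CRYPT_CheckSimpleChain sits), would keep the intent with the code. It is also worth confirming that callers reading *pdwFlags after the call do not still test the revocation bit, since it will now never be set on input.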
@@ -509,6 +509,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
         rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED;
         CRYPT_CheckRootCert(engine->hRoot, rootElement);
     }
+    /* FIXME: check revocation of every cert with CertVerifyRevocation */
     CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
 }
 
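Review bot: With only the FIXME before CRYPT_CombineTrustStatus in CRYPT_CheckSimpleChain, and the revocation flag removed in the first hunk, the combined TrustStatus is now built with no revocation check at all. A caller cannot tell "not revoked" from "never checked". Until CertVerifyRevocation is wired in, consider recording that state explicitly in the chain's error status, for example with CERT_TRUST_REVOCATION_STATUS_UNKNOWN when the caller asked for a revocation check, rather than leaving the status silent. The FIXME says "every cert", so it would help to note that the eventual check needs to walk all chain elements, not just rootElement, which is the only element in scope at this point.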



