Juan Lang : cryptnet: If the caller specifies the location of a CRL, check a cert's revocation status against it.
Alexandre Julliard
julliard at winehq.org
Thu Dec 17 10:37:08 CST 2009
Module: wine
Branch: master
Commit: 60ddb1365d77f0ac982b2a2e7e913c8dc40e4d26
URL: http://source.winehq.org/git/wine.git/?a=commit;h=60ddb1365d77f0ac982b2a2e7e913c8dc40e4d26
Author: Juan Lang <juan.lang at gmail.com>
Date: Mon Nov 30 11:02:50 2009 -0800
cryptnet: If the caller specifies the location of a CRL, check a cert's revocation status against it.
---
dlls/cryptnet/cryptnet_main.c | 30 ++++++++++++++++++++++++++++--
1 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index 8d6dd8f..9e29daa 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1582,8 +1582,34 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
0, NULL, &cbUrlArray, NULL, NULL, NULL);
if (!ret && GetLastError() == CRYPT_E_NOT_FOUND)
{
- error = CRYPT_E_NO_REVOCATION_CHECK;
- pRevStatus->dwIndex = index;
+ if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
+ {
+ PCCRL_CONTEXT crl;
+
+ /* If the caller was helpful enough to tell us where to find a CRL
+ * for the cert, look for one and check it.
+ */
+ crl = CertFindCRLInStore(pRevPara->hCrlStore,
+ cert->dwCertEncodingType,
+ CRL_FIND_ISSUED_BY_SIGNATURE_FLAG | CRL_FIND_ISSUED_BY_AKI_FLAG,
+ CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
+ if (crl)
+ {
+ error = verify_cert_revocation_with_crl(cert, crl, index,
+ pTime, pRevStatus);
+ CertFreeCRLContext(crl);
+ }
+ else
+ {
+ error = CRYPT_E_NO_REVOCATION_CHECK;
+ pRevStatus->dwIndex = index;
+ }
+ }
+ else
+ {
+ error = CRYPT_E_NO_REVOCATION_CHECK;
+ pRevStatus->dwIndex = index;
+ }
}
else if (ret)
{
More information about the wine-cvs
mailing list