Juan Lang : wininet: Verify revocation status of certificate chain.

Alexandre Julliard julliard at winehq.org
Tue Nov 16 12:45:44 CST 2010


Module: wine
Branch: master
Commit: c2b42758da9542fb880d769f378fe54fad02b5ae
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=c2b42758da9542fb880d769f378fe54fad02b5ae

Author: Juan Lang <juan.lang at gmail.com>
Date:   Mon Nov 15 17:07:22 2010 -0800

wininet: Verify revocation status of certificate chain.

---

 dlls/wininet/netconnection.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index 83bab07..6a06b9a 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -228,13 +228,15 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store,
     PCCERT_CHAIN_CONTEXT chain;
     char oid_server_auth[] = szOID_PKIX_KP_SERVER_AUTH;
     char *server_auth[] = { oid_server_auth };
-    DWORD err = ERROR_SUCCESS;
+    DWORD err = ERROR_SUCCESS, chainFlags = 0;
 
     TRACE("verifying %s\n", debugstr_w(server));
     chainPara.RequestedUsage.Usage.cUsageIdentifier = 1;
     chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = server_auth;
-    if ((ret = CertGetCertificateChain(NULL, cert, NULL, store, &chainPara, 0,
-        NULL, &chain)))
+    if (!(security_flags & SECURITY_FLAG_IGNORE_REVOCATION))
+        chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+    if ((ret = CertGetCertificateChain(NULL, cert, NULL, store, &chainPara,
+        chainFlags, NULL, &chain)))
     {
         if (chain->TrustStatus.dwErrorStatus)
         {




More information about the wine-cvs mailing list