Juan Lang : crypt32: Check revocation failures when verifying the SSL policy.
Alexandre Julliard
julliard at winehq.org
Thu Sep 30 11:23:35 CDT 2010
Module: wine
Branch: master
Commit: be3a5e368f97a6f8efeb35bde9c078f096b081d7
URL: http://source.winehq.org/git/wine.git/?a=commit;h=be3a5e368f97a6f8efeb35bde9c078f096b081d7
Author: Juan Lang <juan.lang at gmail.com>
Date: Wed Sep 29 14:12:33 2010 -0700
crypt32: Check revocation failures when verifying the SSL policy.
---
dlls/crypt32/chain.c | 17 +++++++++++++++++
1 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 7525923..4b6fdba 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -3337,6 +3337,23 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex,
&pPolicyStatus->lElementIndex);
}
+ else if (pChainContext->TrustStatus.dwErrorStatus &
+ CERT_TRUST_IS_REVOKED && !(checks & SECURITY_FLAG_IGNORE_REVOCATION))
+ {
+ pPolicyStatus->dwError = CERT_E_REVOKED;
+ find_element_with_error(pChainContext,
+ CERT_TRUST_IS_REVOKED, &pPolicyStatus->lChainIndex,
+ &pPolicyStatus->lElementIndex);
+ }
+ else if (pChainContext->TrustStatus.dwErrorStatus &
+ CERT_TRUST_IS_OFFLINE_REVOCATION &&
+ !(checks & SECURITY_FLAG_IGNORE_REVOCATION))
+ {
+ pPolicyStatus->dwError = CERT_E_REVOCATION_FAILURE;
+ find_element_with_error(pChainContext,
+ CERT_TRUST_IS_OFFLINE_REVOCATION, &pPolicyStatus->lChainIndex,
+ &pPolicyStatus->lElementIndex);
+ }
else
pPolicyStatus->dwError = NO_ERROR;
/* We only need bother checking whether the name in the end certificate
More information about the wine-cvs
mailing list