Hans Leidekker : cryptnet: Move revocation cache check to verify_cert_revocation_from_dist_points_ext().
Alexandre Julliard
julliard at winehq.org
Wed Jun 15 16:05:57 CDT 2022
Module: wine
Branch: master
Commit: f08dcbf894943f85485f5d34a7120d52320559fc
URL: https://source.winehq.org/git/wine.git/?a=commit;h=f08dcbf894943f85485f5d34a7120d52320559fc
Author: Hans Leidekker <hans at codeweavers.com>
Date: Wed Jun 15 13:57:54 2022 +0200
cryptnet: Move revocation cache check to verify_cert_revocation_from_dist_points_ext().
Paves the way for falling back from OCSP to online CRL verification. It's not clear if a
cache is needed for OCSP responses, or if the wininet cache wouldn't be sufficient.
---
dlls/cryptnet/cryptnet_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index b066821a431..cd06c4a3008 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1696,6 +1696,9 @@ static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *
return CRYPT_E_REVOCATION_OFFLINE;
}
+ if (find_cached_revocation_status(&cert->pCertInfo->SerialNumber, time, status))
+ return status->dwError;
+
if (!CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &url_array_size, NULL, NULL))
return GetLastError();
@@ -2143,9 +2146,6 @@ static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
DWORD error = ERROR_SUCCESS;
PCERT_EXTENSION ext;
- if (find_cached_revocation_status(&cert->pCertInfo->SerialNumber, pTime, pRevStatus))
- return pRevStatus->dwError;
-
if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
{
error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);
More information about the wine-cvs
mailing list