wininet: Don't perform revocation checks when verifying a certificate.

Jacek Caban jacek at
Tue Dec 11 07:52:50 CST 2012

Hi Hans,

On 12/11/12 09:45, Hans Leidekker wrote:
> is a test which shows that
> revocation checks fail for the certificate on when passed straight
> to CertVerifyRevocation. The reason is that a CRL link specified in the
> certificate does not resolve.
> is a test which makes
> a secure connection to from wininet and shows that this succeeds.
> My conclusion is that native wininet doesn't perform revocation checks.

Your tests prove that we should relax our verification on
CERT_TRUST_IS_OFFLINE_REVOCATION or something similar. To prove that
revocation checks are not made, a test with truly revoked cert would be


More information about the wine-devel mailing list