wininet: Don't perform revocation checks when verifying a certificate.

Juan Lang juan.lang at
Wed Dec 12 11:28:42 CST 2012

On Wed, Dec 12, 2012 at 12:32 AM, Hans Leidekker <hans at>wrote:

> On Tue, 2012-12-11 at 12:59 -0800, Juan Lang wrote:
> > Getting the client to trust the server cert can be as easy as ignoring
> untrusted
> > root errors, if you don't think this impacts the revocation results.
> >
> > Returning revocation is straightforward enough, assuming you have a
> server under
> > your control.
> So self-sign the CRL too. I guess that might work if ignoring untrusted
> root
> errors extends to verification of the CRL.
> Actually, I was thinking a 2-certificate chain, with the root signing the
CRL. I don't think a cert that revokes itself has a lot of meaning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the wine-devel mailing list