wininet: Don't perform revocation checks when verifying a certificate.
juan.lang at gmail.com
Wed Dec 12 11:28:42 CST 2012
On Wed, Dec 12, 2012 at 12:32 AM, Hans Leidekker <hans at codeweavers.com>wrote:
> On Tue, 2012-12-11 at 12:59 -0800, Juan Lang wrote:
> > Getting the client to trust the server cert can be as easy as ignoring
> > root errors, if you don't think this impacts the revocation results.
> > Returning revocation is straightforward enough, assuming you have a
> server under
> > your control.
> So self-sign the CRL too. I guess that might work if ignoring untrusted
> errors extends to verification of the CRL.
> Actually, I was thinking a 2-certificate chain, with the root signing the
CRL. I don't think a cert that revokes itself has a lot of meaning.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the wine-devel