[PATCH 2/3] cryptnet: Move revocation cache check to verify_cert_revocation_from_dist_points_ext().
Hans Leidekker
wine at gitlab.winehq.org
Wed Jun 15 07:46:22 CDT 2022
From: Hans Leidekker <hans at codeweavers.com>
Paves the way for falling back from OCSP to online CRL verification. It's not clear if a
cache is needed for OCSP responses, or if the wininet cache wouldn't be sufficient.
---
dlls/cryptnet/cryptnet_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index b066821a431..cd06c4a3008 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1696,6 +1696,9 @@ static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *
return CRYPT_E_REVOCATION_OFFLINE;
}
+ if (find_cached_revocation_status(&cert->pCertInfo->SerialNumber, time, status))
+ return status->dwError;
+
if (!CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &url_array_size, NULL, NULL))
return GetLastError();
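Review bot: The cache lookup added before `CRYPT_GetUrlFromCRLDistPointsExt()` is keyed only by `&cert->pCertInfo->SerialNumber`, and a serial number is unique only within one issuer. If find_cached_revocation_status() matches on the serial alone (its body is not part of this diff), a status cached for one CA's certificate could be returned for a different CA's certificate that carries the same serial. Either bind the cache entry to the issuer as well, or state the limitation above the lookup, e.g. `/* cache is keyed by serial number only; entries are not bound to the issuer */`. The lookup also now sits after the early `return CRYPT_E_REVOCATION_OFFLINE;`, whose condition lies outside the hunk, so a cached status is no longer returned on that path, whereas the check removed from verify_cert_revocation() ran first; that may be intended but deserves a line in the commit message. The body of verify_cert_revocation_from_dist_points_ext() starts and ends outside this hunk.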
@@ -2143,9 +2146,6 @@ static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
DWORD error = ERROR_SUCCESS;
PCERT_EXTENSION ext;
- if (find_cached_revocation_status(&cert->pCertInfo->SerialNumber, pTime, pRevStatus))
- return pRevStatus->dwError;
-
if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
{
error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);
--
GitLab
https://gitlab.winehq.org/wine/wine/-/merge_requests/251