[PATCH 3/3] cryptnet: Fall back to online CRL verification if OCSP verification fails.
Hans Leidekker
wine at gitlab.winehq.org
Wed Jun 15 07:46:23 CDT 2022
From: Hans Leidekker <hans at codeweavers.com>
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53136
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53138
---
dlls/cryptnet/cryptnet_main.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index cd06c4a3008..19de1ed2d8e 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -2149,12 +2149,16 @@ static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
{
error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);
+ TRACE("verify_cert_revocation_from_aia_ext() returned %08lx\n", error);
+ if (error == ERROR_SUCCESS || error == CRYPT_E_REVOKED) return error;
}
- else if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+ if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
{
error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);
+ TRACE("verify_cert_revocation_from_dist_points_ext() returned %08lx\n", error);
+ if (error == ERROR_SUCCESS || error == CRYPT_E_REVOKED) return error;
}
- else
+ if (!ext)
{
if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
{
--
GitLab
https://gitlab.winehq.org/wine/wine/-/merge_requests/251
More information about the wine-devel
mailing list