From c2b42758da9542fb880d769f378fe54fad02b5ae Mon Sep 17 00:00:00 2001 From: Juan Lang Date: Mon, 15 Nov 2010 17:07:22 -0800 Subject: [PATCH] wininet: Verify revocation status of certificate chain. --- dlls/wininet/netconnection.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c index 83bab074a7d..6a06b9a1415 100644 --- a/dlls/wininet/netconnection.c +++ b/dlls/wininet/netconnection.c @@ -228,13 +228,15 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store, PCCERT_CHAIN_CONTEXT chain; char oid_server_auth[] = szOID_PKIX_KP_SERVER_AUTH; char *server_auth[] = { oid_server_auth }; - DWORD err = ERROR_SUCCESS; + DWORD err = ERROR_SUCCESS, chainFlags = 0; TRACE("verifying %s\n", debugstr_w(server)); chainPara.RequestedUsage.Usage.cUsageIdentifier = 1; chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = server_auth; - if ((ret = CertGetCertificateChain(NULL, cert, NULL, store, &chainPara, 0, - NULL, &chain))) + if (!(security_flags & SECURITY_FLAG_IGNORE_REVOCATION)) + chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; + if ((ret = CertGetCertificateChain(NULL, cert, NULL, store, &chainPara, + chainFlags, NULL, &chain))) { if (chain->TrustStatus.dwErrorStatus) { -- 2.11.4.GIT