ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypt32: Don't ask CertGetIssuerCertificateFromStore to verify revocation status, it almost certainly doesn't do what we want.

This commit is contained in:
Juan Lang 2007-09-06 10:01:47 -07:00 committed by Alexandre Julliard
parent dfd2d3d9bc
commit 56d4a3c392
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
dlls/crypt32/chain.c
View File

@ -258,7 +258,7 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
PCCERT_CONTEXT cert, PDWORD pdwFlags)
{
*pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
*pdwFlags = CERT_STORE_SIGNATURE_FLAG;
return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
}
@ -509,6 +509,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED;
CRYPT_CheckRootCert(engine->hRoot, rootElement);
}
/* FIXME: check revocation of every cert with CertVerifyRevocation */
CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
}