From 56d4a3c3924917253b401c6c2920a932072f0bee Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang@gmail.com>
Date: Thu, 6 Sep 2007 10:01:47 -0700
Subject: [PATCH] crypt32: Don't ask CertGetIssuerCertificateFromStore to
 verify revocation status, it almost certainly doesn't do what we want.

---
 dlls/crypt32/chain.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index b8bb0df5ce5..4cf74a63353 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -258,7 +258,7 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
 static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
  PCCERT_CONTEXT cert, PDWORD pdwFlags)
 {
-    *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+    *pdwFlags = CERT_STORE_SIGNATURE_FLAG;
     return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
 }
 
@@ -509,6 +509,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
         rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED;
         CRYPT_CheckRootCert(engine->hRoot, rootElement);
     }
+    /* FIXME: check revocation of every cert with CertVerifyRevocation */
     CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
 }