crypt32: Check revocation failures when verifying the SSL policy.

This commit is contained in:
Juan Lang 2010-09-29 14:12:33 -07:00 committed by Alexandre Julliard
parent da11d66bff
commit be3a5e368f
1 changed files with 17 additions and 0 deletions

View File

@ -3337,6 +3337,23 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex,
&pPolicyStatus->lElementIndex);
}
else if (pChainContext->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_REVOKED && !(checks & SECURITY_FLAG_IGNORE_REVOCATION))
{
pPolicyStatus->dwError = CERT_E_REVOKED;
find_element_with_error(pChainContext,
CERT_TRUST_IS_REVOKED, &pPolicyStatus->lChainIndex,
&pPolicyStatus->lElementIndex);
}
else if (pChainContext->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_OFFLINE_REVOCATION &&
!(checks & SECURITY_FLAG_IGNORE_REVOCATION))
{
pPolicyStatus->dwError = CERT_E_REVOCATION_FAILURE;
find_element_with_error(pChainContext,
CERT_TRUST_IS_OFFLINE_REVOCATION, &pPolicyStatus->lChainIndex,
&pPolicyStatus->lElementIndex);
}
else
pPolicyStatus->dwError = NO_ERROR;
/* We only need bother checking whether the name in the end certificate