Swiftdiff options
| author | Remko Tronçon <git@el-tramo.be> | 2012-04-30 21:05:43 (GMT) |
|---|---|---|
| committer | Remko Tronçon <git@el-tramo.be> | 2012-05-05 16:05:08 (GMT) |
| commit | 5b61ad968d61a2281e194eb8444dff4e105739f3 (patch) | |
| tree | 417c81895b733206cb4a218ad3b996a1581b33d4 /Swiften/TLS/Schannel/SchannelContext.cpp | |
| parent | 1824826fffbe9ebf508264db13843bd1a94f0778 (diff) | |
| download | swift-contrib-5b61ad968d61a2281e194eb8444dff4e105739f3.zip swift-contrib-5b61ad968d61a2281e194eb8444dff4e105739f3.tar.bz2 | |
Revert "Re-enable revocation check."
This reverts commit 856f970d14c5c32b80fc5ea359d4e567b51578a0.
Diffstat (limited to 'Swiften/TLS/Schannel/SchannelContext.cpp')
| -rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.cpp | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp index 641568d..2f2f2ae 100644 --- a/Swiften/TLS/Schannel/SchannelContext.cpp +++ b/Swiften/TLS/Schannel/SchannelContext.cpp @@ -21,7 +21,7 @@ namespace Swift { //------------------------------------------------------------------------ -SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader(), checkCertificateRevocation(true) { +SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader() { m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR | @@ -192,10 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() { chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage); chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage); - DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT; - if (checkCertificateRevocation) { - chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; - } + // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting + // to talk to their revocation server, such as Starfield) + DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/; ScopedCertChainContext pChainContext; @@ -650,9 +649,4 @@ ByteArray SchannelContext::getFinishMessage() const { //------------------------------------------------------------------------ -void SchannelContext::setCheckCertificateRevocation(bool b) { - checkCertificateRevocation = b; -} - - } |