Swiftdiff options
| author | Remko Tronçon <git@el-tramo.be> | 2012-04-24 18:50:22 (GMT) |
|---|---|---|
| committer | Remko Tronçon <git@el-tramo.be> | 2012-04-24 20:08:54 (GMT) |
| commit | 856f970d14c5c32b80fc5ea359d4e567b51578a0 (patch) | |
| tree | 4e1d5574d94f90a6caf6e601b410597fb7184f7f /Swiften/TLS/Schannel/SchannelContext.cpp | |
| parent | e33b7a309e0424450ab00bc6180df95c6c049195 (diff) | |
| download | swift-contrib-856f970d14c5c32b80fc5ea359d4e567b51578a0.zip swift-contrib-856f970d14c5c32b80fc5ea359d4e567b51578a0.tar.bz2 | |
Re-enable revocation check.
Added a method on TLSContextFactory to disable revocation checks if
wanted.
Diffstat (limited to 'Swiften/TLS/Schannel/SchannelContext.cpp')
| -rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.cpp | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp index 279c36b..20cb7d3 100644 --- a/Swiften/TLS/Schannel/SchannelContext.cpp +++ b/Swiften/TLS/Schannel/SchannelContext.cpp @@ -21,7 +21,7 @@ namespace Swift { //------------------------------------------------------------------------ -SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader() { +SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader(), checkCertificateRevocation(true) { m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR | @@ -192,9 +192,10 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() { chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage); chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage); - // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting - // to talk to their revocation server, such as Starfield) - DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/; + DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT; + if (checkCertificateRevocation) { + chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; + } ScopedCertChainContext pChainContext; @@ -647,4 +648,9 @@ ByteArray SchannelContext::getFinishMessage() const { //------------------------------------------------------------------------ +void SchannelContext::setCheckCertificateRevocation(bool b) { + checkCertificateRevocation = b; +} + + } |