From 9c11acbb8801186bafa29ff820d368512590396a Mon Sep 17 00:00:00 2001
From: dreijer
Date: Tue, 24 Apr 2012 09:25:57 -0500
Subject: * Added additional cert store to chain validation. * Turned off revocation checking. License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 13b57b4..2f2f2ae 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -192,7 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
 chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage);
 chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast(usage);
- DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+ // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting
+ // to talk to their revocation server, such as Starfield)
+ DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/;
 ScopedCertChainContext pChainContext;
@@ -200,7 +202,7 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
 NULL, // Use the chain engine for the current user (assumes a user is logged in)
 pServerCert->getCertContext(),
 NULL,
- NULL,
+ pServerCert->getCertContext()->hCertStore,
 &chainParams,
 chainFlags,
 NULL,
-- 
cgit v0.10.2-6-g49f6
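Review bot: Commenting out `CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT` in `chainFlags` turns revocation checking off for every server, so a certificate its CA has revoked (for example after a key compromise) still validates, although the comment attributes the timeouts to only some providers. A narrower fix keeps the check and bounds its cost: `DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT | CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT;` together with a small `chainParams.dwUrlRetrievalTimeout` (that field exists only when `CERT_CHAIN_PARA_HAS_EXTRA_FIELDS` is defined, which this hunk does not show). An unreachable revocation server could then be handled as an explicit, logged soft failure where the chain's trust status is evaluated. If the check has to stay off, a named setting documents the decision better than a commented-out flag, and the comment's stray `)` should go. The rest of validateServerCertificate() lies outside the hunk, so how the trust status is interpreted needs to be confirmed there.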
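Review bot: The new `hAdditionalStore` argument `pServerCert->getCertContext()->hCertStore` has no comment, unlike the first argument of the same call, and its trust implications are not obvious to a reader. Presumably that store holds the intermediate certificates the peer presented during the handshake, which are supplied by the remote side; they should only help build the path, with trust still anchored in the chain engine's roots. I would add `// Extra store for path building only (certificates presented by the server); trust still comes from the chain engine's roots`. The call's opening line and its remaining arguments are outside the hunk.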