summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemko Tronçon <git@el-tramo.be>2012-04-30 21:05:43 (GMT)
committerRemko Tronçon <git@el-tramo.be>2012-05-05 16:05:08 (GMT)
commit5b61ad968d61a2281e194eb8444dff4e105739f3 (patch)
tree417c81895b733206cb4a218ad3b996a1581b33d4
parent1824826fffbe9ebf508264db13843bd1a94f0778 (diff)
downloadswift-5b61ad968d61a2281e194eb8444dff4e105739f3.zip
swift-5b61ad968d61a2281e194eb8444dff4e105739f3.tar.bz2
Revert "Re-enable revocation check."
This reverts commit 856f970d14c5c32b80fc5ea359d4e567b51578a0.
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp8
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContextFactory.h5
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.cpp14
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.h1
-rw-r--r--Swiften/TLS/Schannel/SchannelContextFactory.cpp12
-rw-r--r--Swiften/TLS/Schannel/SchannelContextFactory.h7
-rw-r--r--Swiften/TLS/TLSContextFactory.h1
7 files changed, 5 insertions, 43 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
index 6cd3c83..516482d 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
@@ -6,7 +6,6 @@
#include <Swiften/TLS/OpenSSL/OpenSSLContextFactory.h>
#include <Swiften/TLS/OpenSSL/OpenSSLContext.h>
-#include <Swiften/Base/Log.h>
namespace Swift {
@@ -18,11 +17,4 @@ TLSContext* OpenSSLContextFactory::createTLSContext() {
return new OpenSSLContext();
}
-void OpenSSLContextFactory::setCheckCertificateRevocation(bool) {
- assert(false);
- SWIFT_LOG(warning) << "CRL Checking not supported for OpenSSL" << std::endl;
-}
-
-
-
}
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
index 43ab960..4e39cd6 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
@@ -8,15 +8,10 @@
#include <Swiften/TLS/TLSContextFactory.h>
-#include <cassert>
-
namespace Swift {
class OpenSSLContextFactory : public TLSContextFactory {
public:
bool canCreate() const;
virtual TLSContext* createTLSContext();
-
- // Not supported
- virtual void setCheckCertificateRevocation(bool b);
};
}
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 641568d..2f2f2ae 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -21,7 +21,7 @@ namespace Swift {
//------------------------------------------------------------------------
-SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader(), checkCertificateRevocation(true) {
+SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader() {
m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY |
ISC_REQ_CONFIDENTIALITY |
ISC_REQ_EXTENDED_ERROR |
@@ -192,10 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage);
chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage);
- DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT;
- if (checkCertificateRevocation) {
- chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
- }
+ // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting
+ // to talk to their revocation server, such as Starfield)
+ DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/;
ScopedCertChainContext pChainContext;
@@ -650,9 +649,4 @@ ByteArray SchannelContext::getFinishMessage() const {
//------------------------------------------------------------------------
-void SchannelContext::setCheckCertificateRevocation(bool b) {
- checkCertificateRevocation = b;
-}
-
-
}
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 587d0e7..58e6551 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
@@ -103,6 +103,5 @@ namespace Swift
////Not needed, most likely
std::string m_smartcard_reader; //Can be empty string for non SmartCard certificates
boost::shared_ptr<CAPICertificate> userCertificate;
- bool checkCertificateRevocation;
};
}
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
index 8b0044c..8ab7c6c 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
@@ -9,22 +9,12 @@
namespace Swift {
-SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) {
-}
-
bool SchannelContextFactory::canCreate() const {
return true;
}
TLSContext* SchannelContextFactory::createTLSContext() {
- SchannelContext* context = new SchannelContext();
- context->setCheckCertificateRevocation(checkCertificateRevocation);
- return context;
+ return new SchannelContext();
}
-void SchannelContextFactory::setCheckCertificateRevocation(bool b) {
- checkCertificateRevocation = b;
-}
-
-
}
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h
index 9dc835c..43c39a9 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.h
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.h
@@ -11,14 +11,7 @@
namespace Swift {
class SchannelContextFactory : public TLSContextFactory {
public:
- SchannelContextFactory();
-
bool canCreate() const;
virtual TLSContext* createTLSContext();
-
- virtual void setCheckCertificateRevocation(bool b);
-
- public:
- bool checkCertificateRevocation;
};
}
diff --git a/Swiften/TLS/TLSContextFactory.h b/Swiften/TLS/TLSContextFactory.h
index 5f08925..849ca71 100644
--- a/Swiften/TLS/TLSContextFactory.h
+++ b/Swiften/TLS/TLSContextFactory.h
@@ -16,6 +16,5 @@ namespace Swift {
virtual bool canCreate() const = 0;
virtual TLSContext* createTLSContext() = 0;
- virtual void setCheckCertificateRevocation(bool b) = 0;
};
}