summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordreijer <dreijer@echobit.net>2012-04-24 14:25:57 (GMT)
committerRemko Tronçon <git@el-tramo.be>2012-04-24 20:08:54 (GMT)
commite33b7a309e0424450ab00bc6180df95c6c049195 (patch)
tree75cd39e2eeefe7de3ece011878f356460455fe52 /Swiften/TLS/Schannel
parentbba024c4ff2bc299e938211d3fa947512ff1ce44 (diff)
downloadswift-e33b7a309e0424450ab00bc6180df95c6c049195.zip
swift-e33b7a309e0424450ab00bc6180df95c6c049195.tar.bz2
* Added additional cert store to chain validation. * Turned off revocation checking.
Diffstat (limited to 'Swiften/TLS/Schannel')
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 6169ad7..279c36b 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -192,7 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage);
chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage);
- DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+ // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting
+ // to talk to their revocation server, such as Starfield)
+ DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/;
ScopedCertChainContext pChainContext;
@@ -200,7 +202,7 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
NULL, // Use the chain engine for the current user (assumes a user is logged in)
pServerCert->getCertContext(),
NULL,
- NULL,
+ pServerCert->getCertContext()->hCertStore,
&chainParams,
chainFlags,
NULL,