diff options
author | dreijer <dreijer@echobit.net> | 2012-04-24 14:25:57 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2012-04-24 20:08:54 (GMT) |
commit | e33b7a309e0424450ab00bc6180df95c6c049195 (patch) | |
tree | 75cd39e2eeefe7de3ece011878f356460455fe52 /Swiften/TLS/Schannel | |
parent | bba024c4ff2bc299e938211d3fa947512ff1ce44 (diff) | |
download | swift-e33b7a309e0424450ab00bc6180df95c6c049195.zip swift-e33b7a309e0424450ab00bc6180df95c6c049195.tar.bz2 |
* Added additional cert store to chain validation. * Turned off revocation checking.
Diffstat (limited to 'Swiften/TLS/Schannel')
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp index 6169ad7..279c36b 100644 --- a/Swiften/TLS/Schannel/SchannelContext.cpp +++ b/Swiften/TLS/Schannel/SchannelContext.cpp @@ -192,7 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() { chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage); chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage); - DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; + // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting + // to talk to their revocation server, such as Starfield) + DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/; ScopedCertChainContext pChainContext; @@ -200,7 +202,7 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() { NULL, // Use the chain engine for the current user (assumes a user is logged in) pServerCert->getCertContext(), NULL, - NULL, + pServerCert->getCertContext()->hCertStore, &chainParams, chainFlags, NULL, |