authordreijer <dreijer@echobit.net>2012-04-24 14:25:57 (GMT)
committerRemko Tronçon <git@el-tramo.be>2012-05-05 16:06:12 (GMT)
commit9c11acbb8801186bafa29ff820d368512590396a (patch)
tree417c81895b733206cb4a218ad3b996a1581b33d4 /Swiften/TLS/Schannel
parent44928c6e006e0263bcb54472d6cae2794e75da67 (diff)
* Added additional cert store to chain validation. * Turned off revocation checking.
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
Diffstat (limited to 'Swiften/TLS/Schannel')
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 13b57b4..2f2f2ae 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -192,7 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage);
chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage);
- DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+ // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting
+ // to talk to their revocation server, such as Starfield)
+ DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/;
ScopedCertChainContext pChainContext;
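Review bot: With `CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT` commented out of `chainFlags`, chain building no longer consults CRL or OCSP data, so a server or intermediate certificate that its issuer has revoked still validates. The timeouts described in the comment can be bounded without giving up the check: keep the flag and add `CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT`, or use `CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY` to avoid network retrieval during the handshake, e.g. `DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT | CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT;`. An unreachable responder could then be treated as a soft failure while a definite `CERT_TRUST_IS_REVOKED` is still rejected; the code that evaluates the trust status is outside this hunk, so that part needs checking there. If the check stays off, the comment should record it as a known gap rather than leave the old flag inside a `/* */` block, and its stray `)` should be dropped.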
@@ -200,7 +202,7 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
NULL, // Use the chain engine for the current user (assumes a user is logged in)
pServerCert->getCertContext(),
NULL,
- NULL,
+ pServerCert->getCertContext()->hCertStore,
&chainParams,
chainFlags,
NULL,
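Review bot: The new fourth argument has no comment, unlike the first one, and it is the security-relevant one: `hAdditionalStore` only supplies candidate certificates for building the chain and does not add trust anchors, which is worth stating next to it. Presumably `hCertStore` of the server's context holds the intermediates the peer sent during the handshake; if so, a comment such as `// Additional store: certificates sent by the server, used to find intermediates only (not trusted roots)` would make that clear. `getCertContext()` is dereferenced here without a null check; whether `pServerCert` is validated earlier in validateServerCertificate() is not visible in this hunk.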