summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to 'Swiften/TLS/Schannel')
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.cpp14
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.h3
-rw-r--r--Swiften/TLS/Schannel/SchannelContextFactory.cpp12
-rw-r--r--Swiften/TLS/Schannel/SchannelContextFactory.h7
4 files changed, 31 insertions, 5 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 2f2f2ae..641568d 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -21,7 +21,7 @@ namespace Swift {
//------------------------------------------------------------------------
-SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader() {
+SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader(), checkCertificateRevocation(true) {
m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY |
ISC_REQ_CONFIDENTIALITY |
ISC_REQ_EXTENDED_ERROR |
@@ -192,9 +192,10 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage);
chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage);
- // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting
- // to talk to their revocation server, such as Starfield)
- DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/;
+ DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT;
+ if (checkCertificateRevocation) {
+ chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+ }
ScopedCertChainContext pChainContext;
@@ -649,4 +650,9 @@ ByteArray SchannelContext::getFinishMessage() const {
//------------------------------------------------------------------------
+void SchannelContext::setCheckCertificateRevocation(bool b) {
+ checkCertificateRevocation = b;
+}
+
+
}
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 58e6551..887c7de 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
@@ -76,6 +76,8 @@ namespace Swift
void handleCertificateCardRemoved();
+ virtual void setCheckCertificateRevocation(bool b);
+
private:
enum SchannelState
{
@@ -103,5 +105,6 @@ namespace Swift
////Not needed, most likely
std::string m_smartcard_reader; //Can be empty string for non SmartCard certificates
boost::shared_ptr<CAPICertificate> userCertificate;
+ bool checkCertificateRevocation;
};
}
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
index 8ab7c6c..8b0044c 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
@@ -9,12 +9,22 @@
namespace Swift {
+SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) {
+}
+
bool SchannelContextFactory::canCreate() const {
return true;
}
TLSContext* SchannelContextFactory::createTLSContext() {
- return new SchannelContext();
+ SchannelContext* context = new SchannelContext();
+ context->setCheckCertificateRevocation(checkCertificateRevocation);
+ return context;
}
+void SchannelContextFactory::setCheckCertificateRevocation(bool b) {
+ checkCertificateRevocation = b;
+}
+
+
}
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h
index 43c39a9..9dc835c 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.h
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.h
@@ -11,7 +11,14 @@
namespace Swift {
class SchannelContextFactory : public TLSContextFactory {
public:
+ SchannelContextFactory();
+
bool canCreate() const;
virtual TLSContext* createTLSContext();
+
+ virtual void setCheckCertificateRevocation(bool b);
+
+ public:
+ bool checkCertificateRevocation;
};
}