diff options
Diffstat (limited to 'Swiften/TLS/Schannel')
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.cpp | 14 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.h | 3 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContextFactory.cpp | 12 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContextFactory.h | 7 |
4 files changed, 31 insertions, 5 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp index 2f2f2ae..641568d 100644 --- a/Swiften/TLS/Schannel/SchannelContext.cpp +++ b/Swiften/TLS/Schannel/SchannelContext.cpp @@ -21,7 +21,7 @@ namespace Swift { //------------------------------------------------------------------------ -SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader() { +SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader(), checkCertificateRevocation(true) { m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR | @@ -192,9 +192,10 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() { chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage); chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage); - // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting - // to talk to their revocation server, such as Starfield) - DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/; + DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT; + if (checkCertificateRevocation) { + chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; + } ScopedCertChainContext pChainContext; @@ -649,4 +650,9 @@ ByteArray SchannelContext::getFinishMessage() const { //------------------------------------------------------------------------ +void SchannelContext::setCheckCertificateRevocation(bool b) { + checkCertificateRevocation = b; +} + + } diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h index 58e6551..887c7de 100644 --- a/Swiften/TLS/Schannel/SchannelContext.h +++ b/Swiften/TLS/Schannel/SchannelContext.h @@ -76,6 +76,8 @@ namespace Swift void handleCertificateCardRemoved(); + virtual void setCheckCertificateRevocation(bool b); + private: enum SchannelState { @@ -103,5 +105,6 @@ namespace Swift ////Not needed, most likely std::string m_smartcard_reader; //Can be empty string for non SmartCard certificates boost::shared_ptr<CAPICertificate> userCertificate; + bool checkCertificateRevocation; }; } diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp index 8ab7c6c..8b0044c 100644 --- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp +++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp @@ -9,12 +9,22 @@ namespace Swift { +SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) { +} + bool SchannelContextFactory::canCreate() const { return true; } TLSContext* SchannelContextFactory::createTLSContext() { - return new SchannelContext(); + SchannelContext* context = new SchannelContext(); + context->setCheckCertificateRevocation(checkCertificateRevocation); + return context; } +void SchannelContextFactory::setCheckCertificateRevocation(bool b) { + checkCertificateRevocation = b; +} + + } diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h index 43c39a9..9dc835c 100644 --- a/Swiften/TLS/Schannel/SchannelContextFactory.h +++ b/Swiften/TLS/Schannel/SchannelContextFactory.h @@ -11,7 +11,14 @@ namespace Swift { class SchannelContextFactory : public TLSContextFactory { public: + SchannelContextFactory(); + bool canCreate() const; virtual TLSContext* createTLSContext(); + + virtual void setCheckCertificateRevocation(bool b); + + public: + bool checkCertificateRevocation; }; } |