Diffstat (limited to 'Swiften/TLS/Schannel')
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.cpp | 14 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.h | 3 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContextFactory.cpp | 12 | ||||
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContextFactory.h | 7 |
4 files changed, 31 insertions, 5 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 279c36b..20cb7d3 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -21,7 +21,7 @@ namespace Swift {
 //------------------------------------------------------------------------
-SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader() {
+SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader(), checkCertificateRevocation(true) {
 m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR |
@@ -192,9 +192,10 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
 chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage);
 chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage);
- // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting
- // to talk to their revocation server, such as Starfield)
- DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/;
+ DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT;
+ if (checkCertificateRevocation) {
+ chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+ }
 ScopedCertChainContext pChainContext;
@@ -647,4 +648,9 @@ ByteArray SchannelContext::getFinishMessage() const {
 //------------------------------------------------------------------------
+void SchannelContext::setCheckCertificateRevocation(bool b) {
+ checkCertificateRevocation = b;
+}
+
+
 }
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 7c2601b..62c0da2 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
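Review bot: In the validateServerCertificate() hunk, enabling CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (now the default, since the constructor hunk initialises checkCertificateRevocation to true) makes chain building contact the issuer's revocation endpoints, and the hunk does not show what happens when that lookup cannot complete — the chain-status evaluation that decides it lies later in the function, outside the hunk. The removed comment recorded exactly that failure mode (providers whose revocation servers time out), so the policy for an undeterminable status (presumably surfaced as CERT_TRUST_REVOCATION_STATUS_UNKNOWN or CERT_TRUST_IS_OFFLINE_REVOCATION in the chain's error status — to be confirmed against the code below) is now the security-relevant decision and should be stated next to the new `if`, e.g. `// Revocation lookups go to the network; an unreachable responder leaves the status unknown — the error-status handling below decides whether that fails the handshake.` Keeping the original rationale (the timeout problem) as a comment would also explain why this is an option rather than unconditionally on.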
@@ -74,6 +74,8 @@ namespace Swift
 void handleCertificateCardRemoved();
+ virtual void setCheckCertificateRevocation(bool b);
+
 private:
 enum SchannelState {
@@ -101,5 +103,6 @@ namespace Swift
 ////Not needed, most likely
 std::string m_smartcard_reader; //Can be empty string for non SmartCard certificates
 boost::shared_ptr<CAPICertificate> userCertificate;
+ bool checkCertificateRevocation;
 };
 }
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
index 8ab7c6c..8b0044c 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
@@ -9,12 +9,22 @@ namespace Swift {
+SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) {
+}
+
 bool SchannelContextFactory::canCreate() const {
 return true;
 }
 TLSContext* SchannelContextFactory::createTLSContext() {
- return new SchannelContext();
+ SchannelContext* context = new SchannelContext();
+ context->setCheckCertificateRevocation(checkCertificateRevocation);
+ return context;
 }
+void SchannelContextFactory::setCheckCertificateRevocation(bool b) {
+ checkCertificateRevocation = b;
+}
+
+
 }
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h
index 43c39a9..9dc835c 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.h
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.h
@@ -11,7 +11,14 @@ namespace Swift {
 class SchannelContextFactory : public TLSContextFactory {
 public:
+ SchannelContextFactory();
+
 bool canCreate() const;
 virtual TLSContext* createTLSContext();
+
+ virtual void setCheckCertificateRevocation(bool b);
+
+ public:
+ bool checkCertificateRevocation;
 };
 } |
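Review bot: The new member `bool checkCertificateRevocation;` in the second SchannelContext.h hunk does not follow the `m_` prefix used by the neighbouring members (m_smartcard_reader, m_cert_name), and it carries no comment although it changes what the certificate validation does; I would add `bool checkCertificateRevocation; // Default true (constructor); when set, validateServerCertificate() adds CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT to the chain flags`. The setter declared in the first hunk is `virtual`, but no matching declaration on a base class is visible in this diff; if TLSContext does not declare it, `virtual` is unnecessary and a plain member function would make the intent clearer.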
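Review bot: In the SchannelContextFactory.h hunk the second `public:` section exposes `bool checkCertificateRevocation;` as a public data member right after a setter for it is added, so callers can bypass setCheckCertificateRevocation() and nothing marks the field as configuration rather than API; the second access specifier should read `private:`. The default (true) is also written twice, in the factory constructor of the SchannelContextFactory.cpp hunk and in SchannelContext's constructor in the SchannelContext.cpp hunk, and createTLSContext() always overwrites the context's value, so a comment on the factory member such as `// Authoritative for contexts created by this factory; SchannelContext's own default only applies to contexts built elsewhere` would keep the two from drifting silently.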