Swiftdiff options
Diffstat (limited to 'Swiften/TLS/Schannel')
| -rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.cpp | 14 | ||||
| -rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.h | 1 | ||||
| -rw-r--r-- | Swiften/TLS/Schannel/SchannelContextFactory.cpp | 12 | ||||
| -rw-r--r-- | Swiften/TLS/Schannel/SchannelContextFactory.h | 7 |
4 files changed, 5 insertions, 29 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp index 641568d..2f2f2ae 100644 --- a/Swiften/TLS/Schannel/SchannelContext.cpp +++ b/Swiften/TLS/Schannel/SchannelContext.cpp @@ -21,7 +21,7 @@ namespace Swift { //------------------------------------------------------------------------ -SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader(), checkCertificateRevocation(true) { +SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader() { m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR | @@ -192,10 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() { chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage); chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage); - DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT; - if (checkCertificateRevocation) { - chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; - } + // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting + // to talk to their revocation server, such as Starfield) + DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/; ScopedCertChainContext pChainContext; @@ -650,9 +649,4 @@ ByteArray SchannelContext::getFinishMessage() const { //------------------------------------------------------------------------ -void SchannelContext::setCheckCertificateRevocation(bool b) { - checkCertificateRevocation = b; -} - - } diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h index 587d0e7..58e6551 100644 --- a/Swiften/TLS/Schannel/SchannelContext.h +++ b/Swiften/TLS/Schannel/SchannelContext.h @@ -103,6 +103,5 @@ namespace Swift ////Not needed, most likely std::string m_smartcard_reader; //Can be empty string for non SmartCard certificates boost::shared_ptr<CAPICertificate> userCertificate; - bool checkCertificateRevocation; }; } diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp index 8b0044c..8ab7c6c 100644 --- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp +++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp @@ -9,22 +9,12 @@ namespace Swift { -SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) { -} - bool SchannelContextFactory::canCreate() const { return true; } TLSContext* SchannelContextFactory::createTLSContext() { - SchannelContext* context = new SchannelContext(); - context->setCheckCertificateRevocation(checkCertificateRevocation); - return context; + return new SchannelContext(); } -void SchannelContextFactory::setCheckCertificateRevocation(bool b) { - checkCertificateRevocation = b; -} - - } diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h index 9dc835c..43c39a9 100644 --- a/Swiften/TLS/Schannel/SchannelContextFactory.h +++ b/Swiften/TLS/Schannel/SchannelContextFactory.h @@ -11,14 +11,7 @@ namespace Swift { class SchannelContextFactory : public TLSContextFactory { public: - SchannelContextFactory(); - bool canCreate() const; virtual TLSContext* createTLSContext(); - - virtual void setCheckCertificateRevocation(bool b); - - public: - bool checkCertificateRevocation; }; } |