From 5b61ad968d61a2281e194eb8444dff4e105739f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Remko=20Tron=C3=A7on?= <git@el-tramo.be>
Date: Mon, 30 Apr 2012 23:05:43 +0200
Subject: Revert "Re-enable revocation check."

This reverts commit 856f970d14c5c32b80fc5ea359d4e567b51578a0.

diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
index 6cd3c83..516482d 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
@@ -6,7 +6,6 @@
 
 #include <Swiften/TLS/OpenSSL/OpenSSLContextFactory.h>
 #include <Swiften/TLS/OpenSSL/OpenSSLContext.h>
-#include <Swiften/Base/Log.h>
 
 namespace Swift {
 
@@ -18,11 +17,4 @@ TLSContext* OpenSSLContextFactory::createTLSContext() {
 	return new OpenSSLContext();
 }
 
-void OpenSSLContextFactory::setCheckCertificateRevocation(bool) {
-	assert(false);
-	SWIFT_LOG(warning) << "CRL Checking not supported for OpenSSL" << std::endl;
-}
-
-
-
 }
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
index 43ab960..4e39cd6 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
@@ -8,15 +8,10 @@
 
 #include <Swiften/TLS/TLSContextFactory.h>
 
-#include <cassert>
-
 namespace Swift {
 	class OpenSSLContextFactory : public TLSContextFactory {
 		public:
 			bool canCreate() const;
 			virtual TLSContext* createTLSContext();
-
-			// Not supported
-			virtual void setCheckCertificateRevocation(bool b);
 	};
 }
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 641568d..2f2f2ae 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -21,7 +21,7 @@ namespace Swift {
 
 //------------------------------------------------------------------------
 
-SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader(), checkCertificateRevocation(true) {
+SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader() {
 	m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY |
 				ISC_REQ_CONFIDENTIALITY |
 				ISC_REQ_EXTENDED_ERROR |
@@ -192,10 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
 	chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage);
 	chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage);
 
-	DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT;
-	if (checkCertificateRevocation) {
-		chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
-	}
+	// NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting
+	// to talk to their revocation server, such as Starfield)
+	DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/;
 
 	ScopedCertChainContext pChainContext;
 
@@ -650,9 +649,4 @@ ByteArray SchannelContext::getFinishMessage() const {
 
 //------------------------------------------------------------------------
 
-void SchannelContext::setCheckCertificateRevocation(bool b) {
-	checkCertificateRevocation = b;
-}
-
-
 }
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 587d0e7..58e6551 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
@@ -103,6 +103,5 @@ namespace Swift
 ////Not needed, most likely
 		std::string		m_smartcard_reader;	//Can be empty string for non SmartCard certificates
 		boost::shared_ptr<CAPICertificate> userCertificate;
-		bool checkCertificateRevocation;
 	};
 }
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
index 8b0044c..8ab7c6c 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
@@ -9,22 +9,12 @@
 
 namespace Swift {
 
-SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) {
-}
-
 bool SchannelContextFactory::canCreate() const {
 	return true;
 }
 
 TLSContext* SchannelContextFactory::createTLSContext() {
-	SchannelContext* context = new SchannelContext();
-	context->setCheckCertificateRevocation(checkCertificateRevocation);
-	return context;
+	return new SchannelContext();
 }
 
-void SchannelContextFactory::setCheckCertificateRevocation(bool b) {
-	checkCertificateRevocation = b;
-}
-
-
 }
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h
index 9dc835c..43c39a9 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.h
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.h
@@ -11,14 +11,7 @@
 namespace Swift {
 	class SchannelContextFactory : public TLSContextFactory {
 		public:
-			SchannelContextFactory();
-
 			bool canCreate() const;
 			virtual TLSContext* createTLSContext();
-
-			virtual void setCheckCertificateRevocation(bool b);
-
-		public:
-			bool checkCertificateRevocation;
 	};
 }
diff --git a/Swiften/TLS/TLSContextFactory.h b/Swiften/TLS/TLSContextFactory.h
index 5f08925..849ca71 100644
--- a/Swiften/TLS/TLSContextFactory.h
+++ b/Swiften/TLS/TLSContextFactory.h
@@ -16,6 +16,5 @@ namespace Swift {
 			virtual bool canCreate() const = 0;
 
 			virtual TLSContext* createTLSContext() = 0;
-			virtual void setCheckCertificateRevocation(bool b) = 0;
 	};
 }
-- 
cgit v0.10.2-6-g49f6