From 5b61ad968d61a2281e194eb8444dff4e105739f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Remko=20Tron=C3=A7on?= <git@el-tramo.be> Date: Mon, 30 Apr 2012 23:05:43 +0200 Subject: Revert "Re-enable revocation check." This reverts commit 856f970d14c5c32b80fc5ea359d4e567b51578a0. diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp index 6cd3c83..516482d 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp @@ -6,7 +6,6 @@ #include <Swiften/TLS/OpenSSL/OpenSSLContextFactory.h> #include <Swiften/TLS/OpenSSL/OpenSSLContext.h> -#include <Swiften/Base/Log.h> namespace Swift { @@ -18,11 +17,4 @@ TLSContext* OpenSSLContextFactory::createTLSContext() { return new OpenSSLContext(); } -void OpenSSLContextFactory::setCheckCertificateRevocation(bool) { - assert(false); - SWIFT_LOG(warning) << "CRL Checking not supported for OpenSSL" << std::endl; -} - - - } diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h index 43ab960..4e39cd6 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h +++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h @@ -8,15 +8,10 @@ #include <Swiften/TLS/TLSContextFactory.h> -#include <cassert> - namespace Swift { class OpenSSLContextFactory : public TLSContextFactory { public: bool canCreate() const; virtual TLSContext* createTLSContext(); - - // Not supported - virtual void setCheckCertificateRevocation(bool b); }; } diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp index 641568d..2f2f2ae 100644 --- a/Swiften/TLS/Schannel/SchannelContext.cpp +++ b/Swiften/TLS/Schannel/SchannelContext.cpp 
@@ -21,7 +21,7 @@ namespace Swift { //------------------------------------------------------------------------ -SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader(), checkCertificateRevocation(true) { +SchannelContext::SchannelContext() : m_state(Start), m_secContext(0), m_my_cert_store(NULL), m_cert_store_name("MY"), m_cert_name(), m_smartcard_reader() { m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR | @@ -192,10 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() { chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage); chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage); - DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT; - if (checkCertificateRevocation) { - chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; - } + // NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting + // to talk to their revocation server, such as Starfield) + DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/; ScopedCertChainContext pChainContext; @@ -650,9 +649,4 @@ ByteArray SchannelContext::getFinishMessage() const { //------------------------------------------------------------------------ -void SchannelContext::setCheckCertificateRevocation(bool b) { - checkCertificateRevocation = b; -} - - } diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h index 587d0e7..58e6551 100644 --- a/Swiften/TLS/Schannel/SchannelContext.h +++ b/Swiften/TLS/Schannel/SchannelContext.h @@ -103,6 +103,5 @@ namespace Swift ////Not needed, most likely std::string m_smartcard_reader; //Can be empty string for non SmartCard certificates boost::shared_ptr<CAPICertificate> userCertificate; - bool checkCertificateRevocation; }; } 
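Review bot: With `CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT` commented out of `chainFlags` in `validateServerCertificate()`, no revocation flag is requested for the chain, so as far as this hunk shows a revoked server certificate would still pass validation on the Schannel backend. The revert also removes `setCheckCertificateRevocation` from `SchannelContext`, `SchannelContextFactory` and `TLSContextFactory` (the later hunks), leaving callers no way to opt back in; keeping the member and setter with the default flipped to `checkCertificateRevocation(false)` would avoid the timeouts without making the weaker validation permanent. If the timeouts are the only concern, bounding the lookup may be enough, e.g. `chainFlags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT | CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT;` together with a `dwUrlRetrievalTimeout` set on `chainParams` (assuming it is a `CERT_CHAIN_PARA`; its declaration is outside the hunk). The new comment should state the consequence rather than only the cause, for instance `// Revocation status is NOT checked: a revoked server certificate is accepted.`, and the stray closing parenthesis after "Starfield" should go. The body of `validateServerCertificate()` continues outside the hunk, so how revocation errors are handled further down cannot be confirmed from here.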
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp index 8b0044c..8ab7c6c 100644 --- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp +++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp @@ -9,22 +9,12 @@ namespace Swift { -SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) { -} - bool SchannelContextFactory::canCreate() const { return true; } TLSContext* SchannelContextFactory::createTLSContext() { - SchannelContext* context = new SchannelContext(); - context->setCheckCertificateRevocation(checkCertificateRevocation); - return context; + return new SchannelContext(); } -void SchannelContextFactory::setCheckCertificateRevocation(bool b) { - checkCertificateRevocation = b; -} - - } diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h index 9dc835c..43c39a9 100644 --- a/Swiften/TLS/Schannel/SchannelContextFactory.h +++ b/Swiften/TLS/Schannel/SchannelContextFactory.h @@ -11,14 +11,7 @@ namespace Swift { class SchannelContextFactory : public TLSContextFactory { public: - SchannelContextFactory(); - bool canCreate() const; virtual TLSContext* createTLSContext(); - - virtual void setCheckCertificateRevocation(bool b); - - public: - bool checkCertificateRevocation; }; } diff --git a/Swiften/TLS/TLSContextFactory.h b/Swiften/TLS/TLSContextFactory.h index 5f08925..849ca71 100644 --- a/Swiften/TLS/TLSContextFactory.h +++ b/Swiften/TLS/TLSContextFactory.h @@ -16,6 +16,5 @@ namespace Swift { virtual bool canCreate() const = 0; virtual TLSContext* createTLSContext() = 0; - virtual void setCheckCertificateRevocation(bool b) = 0; }; } -- cgit v0.10.2-6-g49f6