From e33b7a309e0424450ab00bc6180df95c6c049195 Mon Sep 17 00:00:00 2001
From: dreijer <dreijer@echobit.net>
Date: Tue, 24 Apr 2012 09:25:57 -0500
Subject: * Added additional cert store to chain validation. * Turned off
 revocation checking.


diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 6169ad7..279c36b 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -192,7 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
 	chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage);
 	chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage);
 
-	DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+	// NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting
+	// to talk to their revocation server, such as Starfield)
+	DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/;
 
 	ScopedCertChainContext pChainContext;
 
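Review bot: Removing `CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT` from `chainFlags` turns revocation checking off for every server, so a certificate its CA has revoked (for example after key compromise) now validates whenever the rest of the chain is acceptable. The timeouts the comment describes can be bounded rather than avoided: keep the flag and add `CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT` with a short `chainParams.dwUrlRetrievalTimeout` (that field is only declared when `CERT_CHAIN_PARA_HAS_EXTRA_FIELDS` is defined), or use `CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY` to skip network retrieval, e.g. `DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT | CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT;`. Whether an unreachable revocation server should then fail the connection or be tolerated is decided by the trust-status handling later in validateServerCertificate(), which is outside this hunk. If the check does stay disabled, the comment should say that revoked certificates are accepted as a result; it also has an unmatched `)` after "Starfield".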
@@ -200,7 +202,7 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
 		NULL, // Use the chain engine for the current user (assumes a user is logged in)
 		pServerCert->getCertContext(),
 		NULL,
-		NULL,
+		pServerCert->getCertContext()->hCertStore,
 		&chainParams,
 		chainFlags,
 		NULL,
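Review bot: The new `hAdditionalStore` argument, `pServerCert->getCertContext()->hCertStore`, has no comment saying what that store contains or why it is passed. Presumably it holds the certificates the peer sent during the handshake, which makes it attacker-influenced input. As far as I can tell the chain engine uses it only as a source of supporting certificates for path building and still takes its trust anchors from its own root store, which is worth stating so nobody later treats its contents as trusted. I would add a comment on that argument such as `// Store the server cert came from (peer-supplied intermediates); used for path building only, not as trust anchors`. The call this argument list belongs to starts and ends outside the hunk.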
-- 
cgit v0.10.2-6-g49f6