From 9c11acbb8801186bafa29ff820d368512590396a Mon Sep 17 00:00:00 2001
From: dreijer <dreijer@echobit.net>
Date: Tue, 24 Apr 2012 09:25:57 -0500
Subject: * Added additional cert store to chain validation. * Turned off
 revocation checking.

License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php

diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 13b57b4..2f2f2ae 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -192,7 +192,9 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
 	chainParams.RequestedUsage.Usage.cUsageIdentifier = ARRAYSIZE(usage);
 	chainParams.RequestedUsage.Usage.rgpszUsageIdentifier = const_cast<LPSTR*>(usage);
 
-	DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+	// NOTE: We've turned off revocation checking due to some certificate providers causing timeouts when attempting
+	// to talk to their revocation server, such as Starfield)
+	DWORD chainFlags = CERT_CHAIN_CACHE_END_CERT /*| CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT*/;
 
 	ScopedCertChainContext pChainContext;
 
@@ -200,7 +202,7 @@ SECURITY_STATUS SchannelContext::validateServerCertificate() {
 		NULL, // Use the chain engine for the current user (assumes a user is logged in)
 		pServerCert->getCertContext(),
 		NULL,
-		NULL,
+		pServerCert->getCertContext()->hCertStore,
 		&chainParams,
 		chainFlags,
 		NULL,
-- 
cgit v0.10.2-6-g49f6