crypt32: Don't ask CertGetIssuerCertificateFromStore to verify revocation…

crypt32: Don't ask CertGetIssuerCertificateFromStore to verify revocation status, it almost certainly doesn't do what we want.

crypt32: Don't ask CertGetIssuerCertificateFromStore to verify revocation…
56d4a3c3 · Juan Lang · Alexandre Julliard · dfd2d3d9 · 56d4a3c3
Commit 56d4a3c3 authored Sep 06, 2007 by Juan Lang Committed by Alexandre Julliard Sep 10, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

chain.c dlls/crypt32/chain.c +2 -1

No files found.
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -258,7 +258,7 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
 static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
 PCCERT_CONTEXT cert, PDWORD pdwFlags)
 {
-    *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+    *pdwFlags = CERT_STORE_SIGNATURE_FLAG;
    return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
 }

@@ -509,6 +509,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
        rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED;
        CRYPT_CheckRootCert(engine->hRoot, rootElement);
    }
+    /* FIXME: check revocation of every cert with CertVerifyRevocation */
    CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
 }