Commit 17f44074 authored by Zebediah Figura's avatar Zebediah Figura Committed by Alexandre Julliard

cryptnet: Specify half of the remaining timeout for each CRL if…

cryptnet: Specify half of the remaining timeout for each CRL if CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG was specified.

Instead of wasting the whole timeout on the first CRL.

Signed-off-by: Zebediah Figura <zfigura@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
parent 5d4083ab
...@@ -1539,22 +1539,24 @@ static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB * ...@@ -1539,22 +1539,24 @@ static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *
if (urlArray) if (urlArray)
{ {
DWORD j, retrievalFlags = 0, startTime, endTime, timeout; DWORD j, retrievalFlags = 0, timeout = 0;
BOOL ret; BOOL ret;
ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray, ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray,
&cbUrlArray, NULL, NULL); &cbUrlArray, NULL, NULL);
if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION) if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL; retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
if ((dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG) && pRevPara if ((dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG) && pRevPara
&& pRevPara->cbSize >= RTL_SIZEOF_THROUGH_FIELD(CERT_REVOCATION_PARA, dwUrlRetrievalTimeout)) && pRevPara->cbSize >= RTL_SIZEOF_THROUGH_FIELD(CERT_REVOCATION_PARA, dwUrlRetrievalTimeout))
{
startTime = GetTickCount();
endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
timeout = pRevPara->dwUrlRetrievalTimeout; timeout = pRevPara->dwUrlRetrievalTimeout;
}
else /* Yes, this is a weird algorithm, but the documentation for
endTime = timeout = 0; * CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT specifies this, and
* tests seem to bear it out for CertVerifyRevocation() as well. */
if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG)
timeout /= 2;
if (!ret) if (!ret)
error = GetLastError(); error = GetLastError();
/* continue looping if one was offline; break if revoked or timed out */ /* continue looping if one was offline; break if revoked or timed out */
...@@ -1568,20 +1570,18 @@ static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB * ...@@ -1568,20 +1570,18 @@ static DWORD verify_cert_revocation_from_dist_points_ext(const CRYPT_DATA_BLOB *
if (ret) if (ret)
{ {
error = verify_cert_revocation_with_crl_online(cert, crl, pTime, pRevStatus); error = verify_cert_revocation_with_crl_online(cert, crl, pTime, pRevStatus);
if (!error && timeout)
{
DWORD time = GetTickCount();
if ((int)(endTime - time) <= 0)
error = ERROR_TIMEOUT;
else
timeout = endTime - time;
}
CertFreeCRLContext(crl); CertFreeCRLContext(crl);
} }
else else
{
/* We don't check the current time here. This may result in
* less accurate timeouts, but this too seems to be true of
* Windows. */
if (GetLastError() == ERROR_TIMEOUT)
timeout /= 2;
error = CRYPT_E_REVOCATION_OFFLINE; error = CRYPT_E_REVOCATION_OFFLINE;
} }
}
CryptMemFree(urlArray); CryptMemFree(urlArray);
} }
else else
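Review bot: Both `timeout /= 2` statements (the one before the loop and the one in the `ERROR_TIMEOUT` branch) can take `timeout` down to 0, which is also the value this function uses when no accumulative timeout was requested. The retrieval call sits between the two hunks and is not visible here, but if it treats a zero timeout as "no limit" or "use the default", a small `dwUrlRetrievalTimeout` or a long list of distribution points that each time out would leave the later fetches unbounded. That would let a stalled CRL server hold the revocation check well past the caller's budget. Consider keeping a floor when the flag is set, e.g. `if (timeout > 1) timeout /= 2;`, or returning `ERROR_TIMEOUT` once the budget is exhausted. The comment `break if revoked or timed out` may also be stale now that a retrieval timeout is mapped to `CRYPT_E_REVOCATION_OFFLINE`, though the loop condition lies outside the hunk, as do the start and end of the function body.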
......