winhttp: Verify revocation status of certificate chain.

55aae25d · Juan Lang · Alexandre Julliard · fa4c8c09 · 55aae25d
Commit 55aae25d authored Dec 03, 2009 by Juan Lang Committed by Alexandre Julliard Nov 16, 2010
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

net.c dlls/winhttp/net.c +2 -1

No files found.
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -273,7 +273,8 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
    TRACE("verifying %s\n", debugstr_w( server ));
    chainPara.RequestedUsage.Usage.cUsageIdentifier = 1;
    chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = server_auth;
-    if ((ret = CertGetCertificateChain( NULL, cert, NULL, store, &chainPara, 0,
+    if ((ret = CertGetCertificateChain( NULL, cert, NULL, store, &chainPara,
+                                        CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
                                        NULL, &chain )))
    {
        if (chain->TrustStatus.dwErrorStatus)