Commit 987d637e authored by Hans Leidekker's avatar Hans Leidekker Committed by Alexandre Julliard

cryptnet: Fall back to online CRL verification if OCSP verification fails.

parent f08dcbf8
...@@ -2149,12 +2149,16 @@ static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime, ...@@ -2149,12 +2149,16 @@ static DWORD verify_cert_revocation(const CERT_CONTEXT *cert, FILETIME *pTime,
if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension))) if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
{ {
error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus); error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);
TRACE("verify_cert_revocation_from_aia_ext() returned %08lx\n", error);
if (error == ERROR_SUCCESS || error == CRYPT_E_REVOKED) return error;
} }
else if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension))) if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
{ {
error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus); error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert, pTime, dwFlags, pRevPara, pRevStatus);
TRACE("verify_cert_revocation_from_dist_points_ext() returned %08lx\n", error);
if (error == ERROR_SUCCESS || error == CRYPT_E_REVOKED) return error;
} }
else if (!ext)
{ {
if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert) if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment