Commit be3a5e36 authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Check revocation failures when verifying the SSL policy.

parent da11d66b
...@@ -3337,6 +3337,23 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID, ...@@ -3337,6 +3337,23 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex, CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex,
&pPolicyStatus->lElementIndex); &pPolicyStatus->lElementIndex);
} }
else if (pChainContext->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_REVOKED && !(checks & SECURITY_FLAG_IGNORE_REVOCATION))
{
pPolicyStatus->dwError = CERT_E_REVOKED;
find_element_with_error(pChainContext,
CERT_TRUST_IS_REVOKED, &pPolicyStatus->lChainIndex,
&pPolicyStatus->lElementIndex);
}
else if (pChainContext->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_OFFLINE_REVOCATION &&
!(checks & SECURITY_FLAG_IGNORE_REVOCATION))
{
pPolicyStatus->dwError = CERT_E_REVOCATION_FAILURE;
find_element_with_error(pChainContext,
CERT_TRUST_IS_OFFLINE_REVOCATION, &pPolicyStatus->lChainIndex,
&pPolicyStatus->lElementIndex);
}
else else
pPolicyStatus->dwError = NO_ERROR; pPolicyStatus->dwError = NO_ERROR;
/* We only need bother checking whether the name in the end certificate /* We only need bother checking whether the name in the end certificate
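Review bot: The two new branches test only CERT_TRUST_IS_REVOKED and CERT_TRUST_IS_OFFLINE_REVOCATION, so a chain whose only revocation-related bit is CERT_TRUST_REVOCATION_STATUS_UNKNOWN still appears to reach the final `else` and report NO_ERROR. If that fail-open result is intended, say so with a comment above the `else`, such as `/* CERT_TRUST_REVOCATION_STATUS_UNKNOWN alone is not treated as a policy failure */`; otherwise add a third branch guarded by the same SECURITY_FLAG_IGNORE_REVOCATION test. As a style point, the conditions rely on `&` binding tighter than `&&`; writing `(pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_REVOKED) && !(checks & SECURITY_FLAG_IGNORE_REVOCATION)` makes the intent explicit. verify_ssl_policy starts and ends outside the hunk, so how `checks` is populated and how the earlier branches order their errors is not visible here.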
......