Verify that a certificate hasn't been revoked
This Stack Overflow post recommends using
`CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT`:

https://stackoverflow.com/a/22097069
tobil4sk committed Nov 25, 2024
1 parent 6b84ade commit 48f2565
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion libs/mbedtls/mbedtls_stubs.c
Expand Up @@ -319,7 +319,7 @@ static int verify_callback(void* param, mbedtls_x509_crt *crt, int depth, uint32
}
PCCERT_CHAIN_CONTEXT chain_context = {0};
CERT_CHAIN_PARA parameters = {0};
if(!CertGetCertificateChain(NULL, primary_context, NULL, store, &parameters, 0, NULL, &chain_context)) {
if(!CertGetCertificateChain(NULL, primary_context, NULL, store, &parameters, CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT, NULL, &chain_context)) {
CertFreeCertificateContext(primary_context);
CertCloseStore(store, 0);
return MBEDTLS_ERR_X509_FATAL_ERROR;
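Review bot: The `if(!CertGetCertificateChain(...))` test in this hunk only catches a failure to build the chain, so passing `CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT` here does not by itself reject a revoked certificate. A successful return means a chain context was produced, and the revocation result is reported in `chain_context->TrustStatus.dwErrorStatus` (`CERT_TRUST_IS_REVOKED`, and `CERT_TRUST_REVOCATION_STATUS_UNKNOWN` or `CERT_TRUST_IS_OFFLINE_REVOCATION` when the CRL or OCSP responder could not be consulted). The code after this call is collapsed in the diff, so please confirm that it inspects those bits or passes the chain to `CertVerifyCertificateChainPolicy`, and state in a comment whether an unknown or offline revocation status is treated as a failure. Separately, `CERT_CHAIN_PARA parameters = {0};` is passed with `cbSize` left at zero in the visible lines; setting `parameters.cbSize = sizeof(parameters)` before the call matches the documented contract, and since the revocation check can now trigger network retrieval inside `verify_callback`, a note on the expected handshake latency would help.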