首頁 探索 說明
註冊 登入
Apq
/
aria2
镜像来自 https://github.com/aria2/aria2.git
1
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

WinTLS: Accept chains with no revocation information.

This is kind what browser do anyway (IE, Firefox, Chrome tested), what
AppleTLS does, what GnuTLS does and what OpenSSL does. Actually, most
browsers will also be OK with the CRL/OCSP provider being offline.
WinTLS will still fail in that case.

Should revocation information be available in the trust chain (CRL or
OCSP) the certificate still will be checked!

"Real" CAs, aka. those provided by the OS or system CA bundle, usually
provide revocation information and are thus still checked.
It should be mostly (only?) custom (organization) CAs that lack
revocation information, but those users might want to use aria2 in their
intranets and VPNs anyway ;)

See #217
Nils Maier 11 年之前
父節點
13a202df07
當前提交
0a51b8d172
共有 1 個文件被更改,包括 2 次插入1 次删除
分割檢視 顯示文件統計
  1. 2 1
      src/WinTLSContext.cc

+ 2 - 1
src/WinTLSContext.cc
查看文件 

@@ -94,7 +94,8 @@ void WinTLSContext::setVerifyPeer(bool verify)
 
     credentials_.dwFlags =
 
       SCH_CRED_NO_DEFAULT_CREDS |
 
       SCH_CRED_AUTO_CRED_VALIDATION |
 
-      SCH_CRED_REVOCATION_CHECK_CHAIN;
 
+      SCH_CRED_REVOCATION_CHECK_CHAIN |
 
+      SCH_CRED_IGNORE_NO_REVOCATION_CHECK;
 
   }
 
   else {
 
     credentials_.dwFlags =