Faidon Liambotis wrote: > Alon Bar-Lev wrote: >> You need to use both, one for create the chain and the other to verify >> that it meets with system CTL for SSL. > Seems that you are right. Below you will find -v4 of the patch that does > that. > > Also, my previous version didn't actually check for revocations, > contrary to what I documented. > I added CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT to the dwFlags of > CertGetCertificateChain. > > Let me know what you think. Alon, ping?
I'd really like to have this patch merged this time. If you have any more comments or objections, just say so so I can fix them. If you don't, just say so, so it can get merged. Thanks, Faidon
