Hi Hans,

On 12/11/12 09:45, Hans Leidekker wrote:
> https://testbot.winehq.org/JobDetails.pl?Key=23300 is a test which shows that
> revocation checks fail for the certificate on outlook.com when passed straight
> to CertVerifyRevocation. The reason is that a CRL link specified in the
> certificate does not resolve.
>
> https://testbot.winehq.org/JobDetails.pl?Key=23301 is a test which makes
> a secure connection to outlook.com from wininet and shows that this succeeds.
>
> My conclusion is that native wininet doesn't perform revocation checks.

Your tests prove that we should relax our verification on CERT_TRUST_IS_OFFLINE_REVOCATION or something similar. To prove that revocation checks are not made, a test with a truly revoked cert would be needed.

Jacek