From b2efa45ef3d50eedb965fea4d466b6bce96e01e7 Mon Sep 17 00:00:00 2001 From: Patrik Fiedler Date: Wed, 2 Aug 2017 10:08:56 +0200 Subject: [PATCH 1/4] enable crl checks for windows tls --- Release/src/http/client/http_client_winhttp.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Release/src/http/client/http_client_winhttp.cpp b/Release/src/http/client/http_client_winhttp.cpp index 52bf771a16..7fc5c3d15e 100644 --- a/Release/src/http/client/http_client_winhttp.cpp +++ b/Release/src/http/client/http_client_winhttp.cpp @@ -437,7 +437,7 @@ class winhttp_client : public _http_client_communicator } } -#if 0 // Work in progress. Enable this to support server certificate revocation check +#if 1 // Work in progress. Enable this to support server certificate revocation check if( m_secure ) { DWORD dwEnableSSLRevocOpt = WINHTTP_ENABLE_SSL_REVOCATION; From 3f47656ab14f6091dc85b20b18e7a434f5014ea9 Mon Sep 17 00:00:00 2001 From: Patrik Fiedler Date: Wed, 2 Aug 2017 11:43:37 +0200 Subject: [PATCH 2/4] use the right handle --- Release/src/http/client/http_client_winhttp.cpp | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/Release/src/http/client/http_client_winhttp.cpp b/Release/src/http/client/http_client_winhttp.cpp index 7fc5c3d15e..578b644366 100644 --- a/Release/src/http/client/http_client_winhttp.cpp +++ b/Release/src/http/client/http_client_winhttp.cpp @@ -437,7 +437,7 @@ class winhttp_client : public _http_client_communicator } } -#if 1 // Work in progress. Enable this to support server certificate revocation check +#if 0 // Work in progress. Enable this to support server certificate revocation check if( m_secure ) { DWORD dwEnableSSLRevocOpt = WINHTTP_ENABLE_SSL_REVOCATION; 
@@ -542,6 +542,17 @@ class winhttp_client : public _http_client_communicator return; } + if (m_secure) + { + DWORD dwEnableSSLRevocOpt = WINHTTP_ENABLE_SSL_REVOCATION; + if (!WinHttpSetOption(winhttp_context->m_request_handle, WINHTTP_OPTION_ENABLE_FEATURE, &dwEnableSSLRevocOpt, sizeof(dwEnableSSLRevocOpt))) + { + auto errorCode = GetLastError(); + request->report_error(errorCode, build_error_msg(errorCode, "Error enabling SSL revocation check")); + return; + } + } + if(proxy_info_required) { auto result = WinHttpSetOption( From ba1fdef46c30e27866ec4d42c997acd7eebff9dc Mon Sep 17 00:00:00 2001 From: Patrik Fiedler Date: Thu, 3 Aug 2017 13:54:38 +0200 Subject: [PATCH 3/4] delete unused code --- Release/src/http/client/http_client_winhttp.cpp | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/Release/src/http/client/http_client_winhttp.cpp b/Release/src/http/client/http_client_winhttp.cpp index 578b644366..b65f92e734 100644 --- a/Release/src/http/client/http_client_winhttp.cpp +++ b/Release/src/http/client/http_client_winhttp.cpp @@ -437,17 +437,6 @@ class winhttp_client : public _http_client_communicator } } -#if 0 // Work in progress. Enable this to support server certificate revocation check - if( m_secure ) - { - DWORD dwEnableSSLRevocOpt = WINHTTP_ENABLE_SSL_REVOCATION; - if(!WinHttpSetOption(m_hSession, WINHTTP_OPTION_ENABLE_FEATURE, &dwEnableSSLRevocOpt, sizeof(dwEnableSSLRevocOpt))) - { - DWORD dwError = GetLastError(); dwError; - return report_failure(U("Error enabling SSL revocation check")); - } - } -#endif //Enable TLS 1.1 and 1.2 #if !defined(CPPREST_TARGET_XP) BOOL win32_result(FALSE); @@ -542,6 +531,7 @@ class winhttp_client : public _http_client_communicator return; } + // Enable the certificate revocation check if (m_secure) { DWORD dwEnableSSLRevocOpt = WINHTTP_ENABLE_SSL_REVOCATION; From 90ab8f7a2e27863bbdb0585478587ad05504f9da Mon Sep 17 00:00:00 2001 
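Review bot: The `if (m_secure)` block added at `@@ -542,6 +542,17 @@` in PATCH 2/4 turns on `WINHTTP_ENABLE_SSL_REVOCATION` for every HTTPS request with no opt-out, including clients whose configuration has deliberately disabled certificate validation. If that setting is reachable here (cpprestsdk's `http_client_config::validate_certificates()`; the accessor is not visible in this hunk), I would gate the option on it, e.g. `if (m_secure && client_config().validate_certificates())`. The comment added in PATCH 3/4 should also state the failure mode, something like `// Revocation is hard-fail: the request is rejected when the CRL/OCSP responder cannot be reached`; that is my understanding of WinHTTP's behaviour and worth confirming, because it makes TLS availability depend on the CA's revocation endpoints. The enclosing function starts and ends outside the hunk, and the same block reappears with only its indentation changed in PATCH 4/4.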
From: Robert Schumacher Date: Sat, 26 Aug 2017 01:49:03 -0700 Subject: [PATCH 4/4] Reformat --- .../src/http/client/http_client_winhttp.cpp | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Release/src/http/client/http_client_winhttp.cpp b/Release/src/http/client/http_client_winhttp.cpp index b65f92e734..d0bea3284e 100644 --- a/Release/src/http/client/http_client_winhttp.cpp +++ b/Release/src/http/client/http_client_winhttp.cpp @@ -531,17 +531,17 @@ class winhttp_client : public _http_client_communicator return; } - // Enable the certificate revocation check - if (m_secure) - { - DWORD dwEnableSSLRevocOpt = WINHTTP_ENABLE_SSL_REVOCATION; - if (!WinHttpSetOption(winhttp_context->m_request_handle, WINHTTP_OPTION_ENABLE_FEATURE, &dwEnableSSLRevocOpt, sizeof(dwEnableSSLRevocOpt))) - { - auto errorCode = GetLastError(); - request->report_error(errorCode, build_error_msg(errorCode, "Error enabling SSL revocation check")); - return; - } - } + // Enable the certificate revocation check + if (m_secure) + { + DWORD dwEnableSSLRevocOpt = WINHTTP_ENABLE_SSL_REVOCATION; + if (!WinHttpSetOption(winhttp_context->m_request_handle, WINHTTP_OPTION_ENABLE_FEATURE, &dwEnableSSLRevocOpt, sizeof(dwEnableSSLRevocOpt))) + { + auto errorCode = GetLastError(); + request->report_error(errorCode, build_error_msg(errorCode, "Error enabling SSL revocation check")); + return; + } + } if(proxy_info_required) {