From 0a51b8d172d3b51f8ff74f5410d936667aca4de2 Mon Sep 17 00:00:00 2001
From: Nils Maier
Date: Sat, 12 Apr 2014 17:55:11 +0200
Subject: [PATCH] WinTLS: Accept chains with no revocation information.

This is kind what browser do anyway (IE, Firefox, Chrome tested), what AppleTLS does, what GnuTLS does and what OpenSSL does. Actually, most browsers will also be OK with the CRL/OCSP provider being offline. WinTLS will still fail in that case. Should revocation information be available in the trust chain (CRL or OCSP) the certificate still will be checked! "Real" CAs, aka. those provided by the OS or system CA bundle, usually provide revocation information and are thus still checked. It should be mostly (only?) custom (organization) CAs that lack revocation information, but those users might want to use aria2 in their intranets and VPNs anyway ;) See #217
---
 src/WinTLSContext.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/WinTLSContext.cc b/src/WinTLSContext.cc
index 8b7e4bb5..1c678409 100644
--- a/src/WinTLSContext.cc
+++ b/src/WinTLSContext.cc
@@ -94,7 +94,8 @@ void WinTLSContext::setVerifyPeer(bool verify)
     credentials_.dwFlags =
       SCH_CRED_NO_DEFAULT_CREDS |
       SCH_CRED_AUTO_CRED_VALIDATION |
-      SCH_CRED_REVOCATION_CHECK_CHAIN;
+      SCH_CRED_REVOCATION_CHECK_CHAIN |
+      SCH_CRED_IGNORE_NO_REVOCATION_CHECK;
   }
   else {
     credentials_.dwFlags =
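Review bot: The added `SCH_CRED_IGNORE_NO_REVOCATION_CHECK` is a deliberate relaxation of the verify-peer policy, but the reasoning lives only in the commit message; a reader of the code sees revocation checking requested on one line and partially waived on the next with no explanation. Add a comment above the new flag, e.g. `// Accept chains whose certificates carry no CRL/OCSP information at all (common for private/organization CAs); where revocation info IS present it is still checked, and a CRL/OCSP provider that is reachable-but-offline still fails the handshake.` This is also worth spelling out because the flag does not cover the offline case the message mentions (that would be the separate `SCH_CRED_IGNORE_REVOCATION_OFFLINE` flag, which this commit intentionally does not set), so the comment should make clear the boundary of what is being waived. The body of `setVerifyPeer` continues past the hunk in the `else` branch, so the non-verifying flag set is not visible here.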