From 5db487102f47a2cec2d8575b29b09a4c17b4adbd Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Fri, 12 Nov 2010 19:07:51 +0000 Subject: [PATCH] Switch names of checkRevocation options based on feedback. --- xmltooling/security/AbstractPKIXTrustEngine.h | 4 ++-- xmltooling/security/impl/AbstractPKIXTrustEngine.cpp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xmltooling/security/AbstractPKIXTrustEngine.h b/xmltooling/security/AbstractPKIXTrustEngine.h index 3da7efa..641e059 100644 --- a/xmltooling/security/AbstractPKIXTrustEngine.h +++ b/xmltooling/security/AbstractPKIXTrustEngine.h @@ -46,14 +46,14 @@ namespace xmltooling { * If a DOM is supplied, the following XML content is supported: * * * * @param e DOM to supply configuration for provider */ AbstractPKIXTrustEngine(const xercesc::DOMElement* e=nullptr); - /** Controls revocation checking, currently limited to CRLs and supports "optional" and "required". */ + /** Controls revocation checking, currently limited to CRLs and supports "optional", "entityOnly", "fullChain". */ std::string m_checkRevocation; /** Flag controls whether every issuer in the trust path must have a CRL loaded. */ diff --git a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp index aced79d..ba5cfb2 100644 --- a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp +++ b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp @@ -369,8 +369,8 @@ bool AbstractPKIXTrustEngine::validateWithCRLs( certEE, certChain, pkix.get(), - (m_checkRevocation=="required" || m_checkRevocation=="all"), - (m_fullCRLChain || m_checkRevocation=="all"), + (m_checkRevocation=="entityOnly" || m_checkRevocation=="fullChain"), + (m_fullCRLChain || m_checkRevocation=="fullChain"), inlineCRLs )) { return true; -- 2.1.4