From: cantor Date: Fri, 12 Nov 2010 19:07:51 +0000 (+0000) Subject: Switch names of checkRevocation options based on feedback. X-Git-Tag: 1.4.1~15 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fxmltooling.git;a=commitdiff_plain;h=b487c026af7695ebc47e64c3c467cfc56759fe06 Switch names of checkRevocation options based on feedback. git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/branches/REL_1@824 de75baf8-a10c-0410-a50a-987c0e22f00f --- diff --git a/xmltooling/security/AbstractPKIXTrustEngine.h b/xmltooling/security/AbstractPKIXTrustEngine.h index 3da7efa..641e059 100644 --- a/xmltooling/security/AbstractPKIXTrustEngine.h +++ b/xmltooling/security/AbstractPKIXTrustEngine.h @@ -46,14 +46,14 @@ namespace xmltooling { * If a DOM is supplied, the following XML content is supported: * * * * @param e DOM to supply configuration for provider */ AbstractPKIXTrustEngine(const xercesc::DOMElement* e=nullptr); - /** Controls revocation checking, currently limited to CRLs and supports "optional" and "required". */ + /** Controls revocation checking, currently limited to CRLs and supports "optional", "entityOnly", "fullChain". */ std::string m_checkRevocation; /** Flag controls whether every issuer in the trust path must have a CRL loaded. */ diff --git a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp index aced79d..ba5cfb2 100644 --- a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp +++ b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp @@ -369,8 +369,8 @@ bool AbstractPKIXTrustEngine::validateWithCRLs( certEE, certChain, pkix.get(), - (m_checkRevocation=="required" || m_checkRevocation=="all"), - (m_fullCRLChain || m_checkRevocation=="all"), + (m_checkRevocation=="entityOnly" || m_checkRevocation=="fullChain"), + (m_fullCRLChain || m_checkRevocation=="fullChain"), inlineCRLs )) { return true;