Merge pull request microsoft#516 from xqp/feature/enable-certificate-revocation-pr

ras0219-msft · web-flow · commit d883eabb574a · 2017-08-26T01:50:00.000-07:00
enable certificate revocation check with winhttp
diff --git a/Release/src/http/client/http_client_winhttp.cpp b/Release/src/http/client/http_client_winhttp.cpp
@@ -455,17 +455,6 @@ class winhttp_client : public _http_client_communicator
             }
         }
 
-#if 0 // Work in progress. Enable this to support server certificate revocation check
-        if( m_secure )
-        {
-            DWORD dwEnableSSLRevocOpt = WINHTTP_ENABLE_SSL_REVOCATION;
-            if(!WinHttpSetOption(m_hSession, WINHTTP_OPTION_ENABLE_FEATURE, &dwEnableSSLRevocOpt, sizeof(dwEnableSSLRevocOpt)))
-            {
-                DWORD dwError = GetLastError(); dwError;
-                return report_failure(U("Error enabling SSL revocation check"));
-            }
-        }
-#endif
         //Enable TLS 1.1 and 1.2
 #if !defined(CPPREST_TARGET_XP)
         BOOL win32_result(FALSE);
@@ -559,6 +548,18 @@ class winhttp_client : public _http_client_communicator
             return;
         }
 
+        // Enable the certificate revocation check
+        if (m_secure)
+        {
+            DWORD dwEnableSSLRevocOpt = WINHTTP_ENABLE_SSL_REVOCATION;
+            if (!WinHttpSetOption(winhttp_context->m_request_handle, WINHTTP_OPTION_ENABLE_FEATURE, &dwEnableSSLRevocOpt, sizeof(dwEnableSSLRevocOpt)))
+            {
+                auto errorCode = GetLastError();
+                request->report_error(errorCode, build_error_msg(errorCode, "Error enabling SSL revocation check"));
+                return;
+            }
+        }
+
         if(proxy_info_required)
         {
             auto result = WinHttpSetOption(
