--- a/src/modules/client/publisher.py Fri Sep 16 11:02:46 2011 +0900
+++ b/src/modules/client/publisher.py Sat Sep 17 10:17:12 2011 -0700
@@ -2388,12 +2388,13 @@
if rev:
raise api_errors.RevokedCertificate(cert, rev[1])
- def __check_revocation(self, cert, ca_dict):
+ def __check_revocation(self, cert, ca_dict, use_crls):
hsh = self.__hash_cert(cert)
if hsh in self.revoked_ca_certs:
raise api_errors.RevokedCertificate(cert,
"User manually revoked certificate.")
- self.__check_crls(cert, ca_dict)
+ if use_crls:
+ self.__check_crls(cert, ca_dict)
def __check_extensions(self, cert, usages, cur_pathlen):
"""Check whether the critical extensions in this certificate
@@ -2506,8 +2507,7 @@
self.__check_extensions(cert, usages, cur_pathlen)
# Check whether this certificate has been revoked.
- if use_crls:
- self.__check_revocation(cert, ca_dict)
+ self.__check_revocation(cert, ca_dict, use_crls)
while continue_loop:
# If this certificate's CN is in the set of required
@@ -2574,7 +2574,7 @@
c, CERT_SIGNING_USE,
cur_pathlen)
self.__check_revocation(c,
- ca_dict)
+ ca_dict, use_crls)
except (api_errors.UnsupportedCriticalExtension, api_errors.RevokedCertificate), e:
certs_with_problems.append(e)
problem = True