No way to build an X509Chain with CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE #14917
Milestone
Comments
|
I say perhaps because I feel it's still a weak argument - there is a viable alternative which is completely disable root authority auto updates on the machine by register policy. Maybe that's better since they're likely to fail for all the other processes as well, not just me. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I found a fix for a bug I'm encountering in a locked down network environment might be to pass the
CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATEflag toCertGetCertificateChainunmanaged API which is part of X509Chain.Build()'s implementation of building the certificate chain.Perhaps unfortunately, what the internal BuildChain wrapper function does is construct its flags for passing to CertGetCertificateChain by calling
X509Utils.MapRevocationFlags(revocationMode, revocationFlag);which will never set the flag to disable auth root auto update.
The text was updated successfully, but these errors were encountered: