Use WinVerifyTrustEx to do an end-to-end validation of all signatures.
A command line option should be considered for how revocation checking should be performed, something like -revocationchecktype with possible values of "Online", "Offline", "None". Online will be the default, for now.
Online: pass WTD_REVOCATION_CHECK_CHAIN to WinVerifyTrustEx.
None: pass WTD_REVOCATION_CHECK_NONE to WinVerifyTrustEx.
Offline: pass WTD_CACHE_ONLY_URL_RETRIEVAL | WTD_REVOCATION_CHECK_CHAIN to WinVerifyTrustEx.
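One way the proposed option could be wired to WinVerifyTrustEx, as an added example that is not the project's own code. The names revocation_flags and verify_file are hypothetical, setting fdwRevocationChecks alongside dwProvFlags is an assumption, and verify_file makes a single verification call for one file; the flag values in the non-Windows branch are the ones defined in wintrust.h.

```c
#include <ctype.h>
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <softpub.h>
#include <wintrust.h>   /* link with wintrust.lib */
#else  /* same values as wintrust.h, so the option mapping builds anywhere */
#define WTD_REVOCATION_CHECK_NONE    0x00000010u
#define WTD_REVOCATION_CHECK_CHAIN   0x00000040u
#define WTD_CACHE_ONLY_URL_RETRIEVAL 0x00001000u
#endif

static int ieq(const char *a, const char *b) {   /* case-insensitive equality */
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Map the -revocationchecktype value to dwProvFlags. NULL (option absent)
   selects Online. An unknown value returns 0 and leaves *flags untouched,
   so a typo cannot silently turn revocation checking off. */
int revocation_flags(const char *value, unsigned long *flags) {
    if (value == NULL || ieq(value, "Online"))
        *flags = WTD_REVOCATION_CHECK_CHAIN;
    else if (ieq(value, "Offline"))
        *flags = WTD_CACHE_ONLY_URL_RETRIEVAL | WTD_REVOCATION_CHECK_CHAIN;
    else if (ieq(value, "None"))
        *flags = WTD_REVOCATION_CHECK_NONE;
    else
        return 0;
    return 1;
}

#ifdef _WIN32
/* Verify one file with the selected revocation behaviour; returns the HRESULT. */
long verify_file(const wchar_t *path, unsigned long prov_flags) {
    GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    WINTRUST_FILE_INFO file = { sizeof file };
    WINTRUST_DATA data = { sizeof data };
    file.pcwszFilePath = path;
    data.dwUIChoice = WTD_UI_NONE;               /* never prompt */
    data.fdwRevocationChecks = (prov_flags & WTD_REVOCATION_CHECK_NONE) ? WTD_REVOKE_NONE : WTD_REVOKE_WHOLECHAIN;
    data.dwUnionChoice = WTD_CHOICE_FILE;
    data.pFile = &file;
    data.dwProvFlags = prov_flags;
    data.dwStateAction = WTD_STATEACTION_VERIFY;
    long hr = WinVerifyTrustEx(NULL, &action, &data);
    data.dwStateAction = WTD_STATEACTION_CLOSE;  /* release provider state */
    WinVerifyTrustEx(NULL, &action, &data);
    return hr;
}
#endif
```
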