Use WinVerifyTrustEx to do and end-to-end validation of all signatures.
A command line option should be considered for how revocation checking should be performed, something like -revocationchecktype with possible values of "Online", "Offline", "None". Online will be the default, for now.
Online: use WTD_REVOCATION_CHECK_CHAIN to WinVerifyTrustEx.
None: use WTD_REVOCATION_CHECK_NONE to WinVerifyTrustEx.
Offline: use WTD_CACHE_ONLY_URL_RETRIEVAL | WTD_REVOCATION_CHECK_CHAIN to WinVerifyTrustEx.
vcsjones
commented
8 years ago
Use
WinVerifyTrustExto do and end-to-end validation of all signatures.A command line option should be considered for how revocation checking should be performed, something like
-revocationchecktypewith possible values of "Online", "Offline", "None". Online will be the default, for now.WTD_REVOCATION_CHECK_CHAINtoWinVerifyTrustEx.WTD_REVOCATION_CHECK_NONEtoWinVerifyTrustEx.WTD_CACHE_ONLY_URL_RETRIEVAL | WTD_REVOCATION_CHECK_CHAINtoWinVerifyTrustEx.