After you install security update 835732 on a Windows-based computer, the Cryptographic API cannot download the Certificate Revocation List (884900)



The information in this article applies to:

  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 5.x
  • Microsoft Internet Explorer 4.x
  • Microsoft Internet Explorer 3.x

SYMPTOMS

You install security update 835732 (security bulletin MS04-011) on a Microsoft Windows-based computer. When the Cryptographic API (CAPI) tries to download the Certificate Revocation List (CRL) by connecting through a proxy server, the proxy server may not authenticate user credentials from the Windows-based computer. In this case, the CAPI cannot download the CRL.

Note Microsoft Internet Explorer uses the CAPI.

STATUS

This behavior is by design.

MORE INFORMATION

If security update 835732 is not applied, the CAPI uses the Wininet.dll file to communicate with proxy servers. However, if security update 835732 is applied, the CAPI uses the Winhttp.dll file instead of the Wininet.dll file to communicate with proxy servers. The Winhttp.dll file does not provide any user interface to enter user credentials that are required for basic authentication. Also, there is no interface between the Wininet.dll file and the Winhttp.dll file that acts as a handover mechanism for user credentials.

Modification Type:MajorLast Reviewed:2/14/2006
Keywords:kbtshoot KB884900 kbAudEndUser kbAudITPRO