authorShreyas Kalyan <shreyas.kalyan@10gen.com>2020-11-09 10:28:09 -0800
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-11-11 05:57:44 +0000
commit3f3225b4cb8d1ee0a83191a922828b7031b45db5 (patch)
treeb1c2e14ba5fb664f816e820554243d5b379d62ad
parent7d9b94d035708516ef4a3f1fc0376543138df090 (diff)
SERVER-46729 Make Windows shell soft-fail for unavailable OCSP responder
(cherry picked from commit 9dcfaa1261cf847e6692269e77dd5ad4c14324e9) (cherry picked from commit b6fb02d5780247fa294c1f5cc432a80722b4c21a)
-rw-r--r--src/mongo/util/net/ssl_manager_windows.cpp8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp
index 3c59ab008ff..2a52552b0a5 100644
--- a/src/mongo/util/net/ssl_manager_windows.cpp
+++ b/src/mongo/util/net/ssl_manager_windows.cpp
@@ -1289,8 +1289,8 @@ Status SSLManagerWindows::_loadCertificates(const SSLParams& params) {
}
_clientEngine.CAstore = std::move(swChain.getValue());
- _clientEngine.hasCRL = !params.sslCRLFile.empty();
}
+ _clientEngine.hasCRL = !params.sslCRLFile.empty();
const auto serverCAFile =
params.sslClusterCAFile.empty() ? params.sslCAFile : params.sslClusterCAFile;
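Review bot: The relocated `_clientEngine.hasCRL = !params.sslCRLFile.empty();` carries no comment explaining why it must now run even when no CA file is loaded, and the same is true of `_serverEngine.hasCRL` in the next hunk. With this commit the flag presumably feeds the `if (!hasCRL)` check in validatePeerCertificate, so it decides whether revocation-unknown errors are ignored. I would add above each assignment `// Set unconditionally: peer validation relaxes revocation-unknown errors only when no CRL file is configured.` so that a later refactor does not move it back inside the block. _loadCertificates begins and ends outside this hunk.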
@@ -1301,8 +1301,8 @@ Status SSLManagerWindows::_loadCertificates(const SSLParams& params) {
}
_serverEngine.CAstore = std::move(swChain.getValue());
- _serverEngine.hasCRL = !params.sslCRLFile.empty();
}
+ _serverEngine.hasCRL = !params.sslCRLFile.empty();
if (hasCertificateSelector(params.sslCertificateSelector)) {
auto swCert = loadAndValidateCertificateSelector(params.sslCertificateSelector);
@@ -1690,6 +1690,10 @@ Status validatePeerCertificate(const std::string& remoteHost,
chain_policy_para.cbSize = sizeof(chain_policy_para);
chain_policy_para.pvExtraPolicyPara = &sslCertChainPolicy;
+ if (!hasCRL) {
+ chain_policy_para.dwFlags |= CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS;
+ }
+
CERT_CHAIN_POLICY_STATUS certChainPolicyStatus;
memset(&certChainPolicyStatus, 0, sizeof(certChainPolicyStatus));
certChainPolicyStatus.cbSize = sizeof(certChainPolicyStatus);
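Review bot: The new `if (!hasCRL)` branch sets `CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS` without a comment or log line, so a handshake that passes only because revocation status was unavailable looks the same as a fully checked one. Soft-fail means a revoked certificate is accepted whenever the responder cannot be reached, and that trade-off should be stated at the point where it is made, for example `// Soft-fail: with no CRL file configured, an unknown revocation status (e.g. unreachable OCSP responder) is not an error.` The commit title limits the change to the shell, but the branch depends only on `hasCRL`, and the earlier hunks set that for both `_clientEngine` and `_serverEngine`. It is worth confirming that server-side validation is meant to relax as well. validatePeerCertificate starts and ends outside the hunk, so the initialisation of `chain_policy_para.dwFlags` before the `|=` cannot be checked from here.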