Comments
5 comments
-
Hi.
The site crl.verisign.net is the place where Verisign stores details about revoked certificates. Whether this site is accessed is controlled by the settings "check for * certificate revocation" in the IE settings under tools/internet options/advanced. Changing those options should stop the site being pinged by your machine, though your company may have an IT policy that prevents you doing this. -
Thanks, turning off "Check for publisher's certificate revocation" does work around the problem, but I don't really want to leave that off permanently, so I hope this gets fixed.
-
You can stop the CLR generating evidence for the digital signature by adding a generatePublisherEvidence element to the reflector.exe.config configuration file, as detailed in this blog post: http://blogs.technet.com/markrussinovic ... 44913.aspx
-
Ah, I see, so there's nothing Reflector itself can do about this.
The config change helps, thanks. It would be good to get that included in the Reflector download, so it's off by default. I doubt that any user really wants to check the CRL for Reflector. -
I've made the change for the next EAP release. Thanks for the report and the diagnostics.
Add comment
Please sign in to leave a comment.
I've tried both the "Use settings from Internet Explorer" option and configuring a proxy manually - no difference. When I check the TCP/IP tab in Process Explorer it reveals that Reflector tries to connect to crl.verisign.net:http, so it appears not to be using the proxy in this case. I guess it eventually times out and that's when it finally starts.
I think there are 2 separate bugs here:
1) Starting the app should not be delayed while connecting to some CRL server.
2) The proxy should be used properly.
Please fix the first bug before fixing the second.