EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Problem verifying certs in OCSP server

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#8068
Posted: 11/06/2008 06:27:13
by David Martinez (Basic support level)
Joined: 10/16/2008
Posts: 13

Hi,

I am experiencing a stupid problem using TElHTTPOCSPClient, alternatively the requests succeed and fail, succeed, fail, .....

When fails it gives the error in exception

Unsupported algorithm (32767)

Does anyone have an answer?

Thanks
#8071
Posted: 11/06/2008 06:49:41
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

1) Which exactly method does fail?
2) Please provide us the callstack at the moment when the exception is thrown.
#8075
Posted: 11/06/2008 08:51:49
by David Martinez (Basic support level)
Joined: 10/16/2008
Posts: 13

The method is PerformRequest

and the stack

The method is PerformRequest

and the stack trace

Se detectó SBCryptoProvBuiltInHash.EElHashFunctionUnsupportedError
Message="Unsupported algorithm (32767)"
Source="SecureBlackbox"
StackTrace:
en SBCryptoProvBuiltInHash.TElBuiltInHashFunction.GetDigestSizeBits(Int32 Algorithm)
en SBCryptoProvBuiltInHash.TElBuiltInHashFunction.IsAlgorithmSupported(Int32 Algorithm)
en SBCryptoProvBuiltInHash.TElBuiltInHashFunction..ctor(Int32 Algorithm, TElCustomCryptoKey Key)
en SBCryptoProvBuiltInHash.TElBuiltInHashFunction..ctor(Byte[] OID, TElCustomCryptoKey Key)
en SBCryptoProvBuiltInPKI.TElBuiltInRSAPublicKeyCrypto.VerifyInit(Boolean Detached, Byte[] Signature, Int32 Index, Int32 SigSize)
en SBCryptoProvBuiltIn.TElBuiltInCryptoProvider.InternalVerifyInit(TElCustomCryptoContext Context, Byte[] SigBuffer, Int32 SigStartIndex, Int32 SigSize)
en SBCryptoProvBuiltIn.TElBuiltInCryptoProvider.VerifyInit(Int32 Algorithm, TElCustomCryptoKey Key, Byte[] SigBuffer, Int32 SigStartIndex, Int32 SigSize, TElRelativeDistinguishedName Params, TSBProgressFunc ProgressFunc, Object ProgressData)
en SBPublicKeyCrypto.TElRSAPublicKeyCrypto.VerifyInit(Boolean Detached, Byte[] Signature, Int32 Index, Int32 SigSize)
en SBPublicKeyCrypto.TElPublicKeyCrypto.VerifyDetached(Byte[] InBuffer, Int32 InIndex, Int32 InSize, Byte[] SigBuffer, Int32 SigIndex, Int32 SigSize)
en SBOCSPClient.TElOCSPClient.ValidateResponseSignature(Byte[] ReplyBuf, Byte[] SignatureAlg, Byte[] SignatureParam, Byte[] SignatureBody, TElX509Certificate SignCertificate)
en SBOCSPClient.TElOCSPClient.ProcessReply(Byte[] Reply, Int16& ServerResult)
en SBHTTPOCSPClient.TElHTTPOCSPClient.PerformRequest(Int16& ServerResult, Byte[]& Reply)
en SignDocWS.SignDocService.ComprobarOCSP(String usuario, TElX509Certificate cert) en c:\Inetpub\wwwroot\SignDocWS\App_Code\Service.cs:línea 332
#8076
Posted: 11/06/2008 09:29:27
by Ken Ivanov (EldoS Corp.)

Thank you.

The stack shows that the problem occurs during response validation. Seems that the server sends non-valid responses from time to time.

Would you be so kind to dump the output of the server when the exception is thrown and send it us for investigation? The output can be catched using TElHTTPSClient.OnData event.

Feel free to create a ticket in the Helpdesk system to post the dump.
#8106
Posted: 11/07/2008 02:16:43
by David Martinez (Basic support level)
Joined: 10/16/2008
Posts: 13

When it suceeds there are two calls to OnData event with theese info respectively

0?\r^\n\0??\rW0?\rS\t+\a0?\rD0?\r@0???T0R1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA10U\bocsp-gva20081107081955Z0k0i0A0\t+\0???Y=?OY7\b?????=???x??yA:???R(?cC????\bK\0?S???%?\020081107052805Z?20081107082455Z?#0!0\t+\a007/11/2008 9:19:540\r\t*?H??\r\0??\0?on?P?G???Y?\a\v???????\b?nj????|??Z?hm???8?^r???T<?8?bk??]<??if?W?VX??!?-???Q??X&@Z???#??4??s\\?T??Gz???d??8+?bd??!????\v?0?\v?0?0???F???0\r\t*?H??\r\00h1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA1'0%URoot CA Generalitat Valenciana0\r070911151421Z\r120909141421Z0R1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA10U\bocsp-gva0??0\r\t*?H??\r\0??\00????\0??\v?.\b?{?????ewov1?H???2&e?\r?e?5????M?>rF?????_tZd~??w

z?8?G?*??\n?DF*-J%L;?px\t??ro?????/?uf<%?Aw?w0????>\\??q\nd?4b?q\0??`0?\\0U?\a?0U%\f0\n\b+\a\t0\t+\a0\rOCSP No Check0??U ??0??0??\r+?U\00??0??\b+\a0????\0S\0e\0r\0v\0i\0d\0o\0r\0 \0O\0C\0S\0P\0 \0d\0e\0 \0l\0a\0 \0A\0C\0C\0V\0.\0 \0L\0a\0 \0D\0e\0c\0l\0a\0r\0a\0c\0i\0?\0n\0 \0d\0e\0 \0P\0r\0?\0c\0t\0i\0c\0a\0s\0 \0q\0u\0e\0 \0r\0i\0g\0e\0 \0e\0l\0 \0f\0u\0n\0c\0i\0o\0n\0a\0m\0i\0e\0n\0t\0o\0 \0d\0e\0 \0l\0a\0 \0A\0u\0t\0o\0r\0i\0t\0a\0t\0 \0d\0e\0 \0C\0e\0r\0t\0i\0f\0i\0c\0a\0c\0i\0?\0 \0d\0e\0 \0l\0a\0 \0C\0o\0m\0u\0n\0i\0t\0a\0t\0 \0V\0a\0l\0e\0n\0c\0i\0a\0n\0a\0 \0s\0e\0 \0e\0n\0c\0u\0e\0n\0t\0r\0a\0 \0e\0n\0 \0l\0a\0 \0d\0i\0r\0e\0c\0c\0i\0?\0n\0 \0w\0e\0b\0 \0h\0t\0t\0p\0:\0/\0/\0w\0w\0w\0.\0a\0c\0c\0v\0.\0e\0s\0/\0c\0p\0s0\"\b+\ahttp://www.accv.es/cps0/\b+\a#0!0\b+\a0?http://ocsp.accv.es0\r\t*?H??\r\0?\0?6GY==X??We???n*?Yz|\t.????R^@??p?:?-???$????)?w??J?R?A?&???????D???`&??&?/A?'?\0?h????????C?@??sI??)P`#?2X?S?]???-?????0???\a~?EU\07??Y??O&???x???'????]C_TC+!?lH(?9GA??L?n??????????Dqo(???n]???UA-i??\a\n\v???Y5???????0??xz??1\"<?-_????}x?0??0?s?;E?h0\r\t*?H??\r\00h1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA1'0%URoot CA Generalitat Valenciana0\r010706162247Z\r210701152247Z0h1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA1'0%URoot CA Generalitat Valenciana0?\"0\r\t*?H??\r\0?\00?\n?\0?*?W7/\"??t??-?\v?3R@&G?Zi?;r6L????/v?@Fte?R\b????????V93?h?__?m#??^\"?J?'?W???N2w\n?Ad??e?v?T?} ???t?\n_?\b(R\b?U]???????????T?2u1?b??u??O????A?ZJw?g????^?\f????R?S??D&?y??4`P{?k?G?_|h?n?A?k?{^%??????\\????1Ld^????~\f???U????I\a?$AzX??X????????\b1\0??;0?702\b+\a&0$0\"\b+\a0?http://ocsp.pki.gva.es0U?\b0?0?4U ?+0?'0?#\n+?U\00?0??\b+\a0????\0A\0u\0t\0o\0r\0i\0d\0a\0d\0 \0d\0e\0 \0C\0e\0r\0t\0i\0f\0i\0c\0a\0c\0i\0?\0n\0 \0R\0a\0?\0z\0 \0d\0e\0 \0l\0a\0 \0G\0e\0n\0e\0r\0a\0l\0i\0t\0a\0t\0 \0V\0a\0l\0e\0n\0c\0i\0a\0n\0a\0.\0\r\0\n\0L\0a\0 \0D\0e\0c\0l\0a\0r\0a\0c\0i\0?\0n\0 \0d\0e\0 \0P\0r\0?\0c\0t\0i\0c\0a\0s\0 \0d\0e\0 \0C\0e\0r\0t\0i\0f\0i\0c\0a\0c\0i\0?\0n\0 \0q\0u\0e\0 \0r\0i\0g\0e\0 \0e\0l\0 \0f\0u\0n\0c\0i\0o\0n\0a\0m\0i\0e\0n\0t\0o\0 \0d\0e\0 \0l\0a\0 \0p\0r\0e\0s\0e\0n\0t\0e\0 \0A\0u\0t\0o\0r\0i\0d\0a\0d\0 \0d\0e\0 \0C\0e\0r\0t\0i\0f\0i\0c\0a\0c\0i\0?\0n\0 \0s\0e\0 \0e\0n\0c\0u\0e\0n\0t\0r\0a\0 \0e\0n\0 \0l\0a\0 \0d\0i\0r\0e\0c\0c\0i\0?\0n\0 \0w\0e\0b\0 \0h\0t\0t\0p\0:\0/\0/\0w\0w\0w\0.\0p\0k\0i\0.\0g\0v\0a\0.\0e\0s\0/\0c\0p\0s0%\b+\ahttp://www.pki.gva.es/cps0U{5?@?xf?t(?>O?x?0??U#??0???{5?@?xf?t(?>O?x??l?j0h1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA1'0%URoot CA Generalitat Valenciana?;E?h0\r\t*?H??\r\0?\0$aN???B*?\\u??m?????h???T?i?/?%P?|J??\t??u?@??P?=??m1??s\nH? r?o???aF??K}??R\t/?o??q??*Zs?GM6?MIQ??da??????4?\n&??\\?y:J0??O????1?*?sm~x????O?\"?dK?P????v?fu~e???????FW|M`??s#? ????af?}???ol=?????\"??3qZ?W=?????n\a????h???Zr\t?(??s?s_Pu1???|?


When it fails, the two following

0?\r^\n\0??\rW0?\rS\t+\a0?\rD0?\r@0???T0R1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA10U\bocsp-gva20081107082256Z0k0i0A0\t+\0???Y=?OY7\b?????=???x??yA:???R(?cC????\bK\0?S???%?\020081024071543Z?20081107082756Z?#0!0\t+\a007/11/2008 9:22:540\r\t*?H??\r\0??\0b6?\"EMu???????a??c?aT?rI??(??2llpO??lX>?????Dr?g?E?gy?af?v??Y??}?uVHfb?n?P???\0?Q?P5???Dr]\ty??????w/?a?????DaW??Z&?Nx???\v?0?\v?0?0???F???0\r\t*?H??\r\00h1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPK

IGVA1'0%URoot CA Generalitat Valenciana0\r070911151421Z\r120909141421Z0R1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA10U\bocsp-gva0??0\r\t*?H??\r\0??\00????\0??\v?.\b?{?????ewov1?H???2&e?\r?e?5????M?>rF?????_tZd~??wz?8?G?*??\n?DF*-J%L;?px\t??ro?????/?uf<%?Aw?w0????>\\??q\nd?4b?q\0??`0?\\0U?\a?0U%\f0\n\b+\a\t0\t+\a0\rOCSP No Check0??U ??0??0??\r+?U\00??0??\b+\a0????\0S\0e\0r\0v\0i\0d\0o\0r\0 \0O\0C\0S\0P\0 \0d\0e\0 \0l\0a\0 \0A\0C\0C\0V\0.\0 \0L\0a\0 \0D\0e\0c\0l\0a\0r\0a\0c\0i\0?\0n\0 \0d\0e\0 \0P\0r\0?\0c\0t\0i\0c\0a\0s\0 \0q\0u\0e\0 \0r\0i\0g\0e\0 \0e\0l\0 \0f\0u\0n\0c\0i\0o\0n\0a\0m\0i\0e\0n\0t\0o\0 \0d\0e\0 \0l\0a\0 \0A\0u\0t\0o\0r\0i\0t\0a\0t\0 \0d\0e\0 \0C\0e\0r\0t\0i\0f\0i\0c\0a\0c\0i\0?\0 \0d\0e\0 \0l\0a\0 \0C\0o\0m\0u\0n\0i\0t\0a\0t\0 \0V\0a\0l\0e\0n\0c\0i\0a\0n\0a\0 \0s\0e\0 \0e\0n\0c\0u\0e\0n\0t\0r\0a\0 \0e\0n\0 \0l\0a\0 \0d\0i\0r\0e\0c\0c\0i\0?\0n\0 \0w\0e\0b\0 \0h\0t\0t\0p\0:\0/\0/\0w\0w\0w\0.\0a\0c\0c\0v\0.\0e\0s\0/\0c\0p\0s0\"\b+\ahttp://www.accv.es/cps0/\b+\a#0!0\b+\a0?http://ocsp.accv.es0\r\t*?H??\r\0?\0?6GY==X??We???n*?Yz|\t.????R^@??p?:?-???$????)?w??J?R?A?&???????D???`&??&?/A?'?\0?h????????C?@??sI??)P`#?2X?S?]???-?????0???\a~?EU\07??Y??O&???x???'????]C_TC+!?lH(?9GA??L?n??????????Dqo(???n]???UA-i??\a\n\v???Y5???????0??xz??1\"<?-_????}x?0??0?s?;E?h0\r\t*?H??\r\00h1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA1'0%URoot CA Generalitat Valenciana0\r010706162247Z\r210701152247Z0h1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA1'0%URoot CA Generalitat Valenciana0?\"0\r\t*?H??\r\0?\00?\n?\0?*?W7/\"??t??-?\v?3R@&G?Zi?;r6L????/v?@Fte?R\b????????V93?h?__?m#??^\"?J?'?W???N2w\n?Ad??e?v?T?} ???t?\n_?\b(R\b?U]???????????T?2u1?b??u??O????A?ZJw?g????^?\f????R?S??D&?y??4`P{?k?G?_|h?n?A?k?{^%??????\\????1Ld^????~\f???U????I\a?$AzX??X????????\b1\0??;0?702\b+\a&0$0\"\b+\a0?http://ocsp.pki.gva.es0U?\b0?0?4U ?+0?'0?#\n+?U\00?0??\b+\a0????\0A\0u\0t\0o\0r\0i\0d\0a\0d\0 \0d\0e\0 \0C\0e\0r\0t\0i\0f\0i\0c\0a\0c\0i\0?\0n\0 \0R\0a\0?\0z\0 \0d\0e\0 \0l\0a\0 \0G\0e\0n\0e\0r\0a\0l\0i\0t\0a\0t\0 \0V\0a\0l\0e\0n\0c\0i\0a\0n\0a\0.\0\r\0\n\0L\0a\0 \0D\0e\0c\0l\0a\0r\0a\0c\0i\0?\0n\0 \0d\0e\0 \0P\0r\0?\0c\0t\0i\0c\0a\0s\0 \0d\0e\0 \0C\0e\0r\0t\0i\0f\0i\0c\0a\0c\0i\0?\0n\0 \0q\0u\0e\0 \0r\0i\0g\0e\0 \0e\0l\0 \0f\0u\0n\0c\0i\0o\0n\0a\0m\0i\0e\0n\0t\0o\0 \0d\0e\0 \0l\0a\0 \0p\0r\0e\0s\0e\0n\0t\0e\0 \0A\0u\0t\0o\0r\0i\0d\0a\0d\0 \0d\0e\0 \0C\0e\0r\0t\0i\0f\0i\0c\0a\0c\0i\0?\0n\0 \0s\0e\0 \0e\0n\0c\0u\0e\0n\0t\0r\0a\0 \0e\0n\0 \0l\0a\0 \0d\0i\0r\0e\0c\0c\0i\0?\0n\0 \0w\0e\0b\0 \0h\0t\0t\0p\0:\0/\0/\0w\0w\0w\0.\0p\0k\0i\0.\0g\0v\0a\0.\0e\0s\0/\0c\0p\0s0%\b+\ahttp://www.pki.gva.es/cps0U{5?@?xf?t(?>O?x?0??U#??0???{5?@?xf?t(?>O?x??l?j0h1\v0\tUES10U\nGeneralitat Valenciana10\rU\vPKIGVA1'0%URoot CA Generalitat Valenciana?;E?h0\r\t*?H??\r\0?\0$aN???B*?\\u??m?????h???T?i?/?%P?|J??\t??u?@??P?=??m1??s\nH? r?o???aF??K}??R\t/?o??q??*Zs?GM6?MIQ??da??????4?\n&??\\?y:J0??O????1?*?sm~x????O?\"?dK?P????v?fu~e???????FW|M`??s#? ????af?}???ol=?????\"??3qZ?W=?????n\a????h???Zr\t?(??s?s_Pu1???|?

I think this is not too useful
#8107
Posted: 11/07/2008 02:23:29
by Ken Ivanov (EldoS Corp.)

Would you be so kind to save both results (successful and unsuccessful) to the files and post them here? Web-based forum engine corrupts binary data so we cannot investigate it.
#8108
Posted: 11/07/2008 02:51:21
by David Martinez (Basic support level)
Joined: 10/16/2008
Posts: 13

YOu have the data in ticket 14335
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.

Reply

Statistics

Topic viewed 2018 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!