EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Unable to add an item to the CertificateRevocationList

#10137
Posted: 05/23/2009 17:28:40
by Marius  (Standard support level)
Joined: 05/23/2009
Posts: 13

Hello,

I'm having trouble adding an item to a CertificateRevocationList. The function that adds the certificate always returns -1. Is this a bug or am I doing something stupid here?

Thanks and greetings,
Marius



function TForm1.CheckCRL(AX509Certificate: TElX509Certificate): boolean;
var
  ACrl: TElCertificateRevocationList;
  ARevocationItem: TElRevocationItem;
  AStream: TMemoryStream;
  AIndex: integer;
begin
  Result := true;
  //Quick and dirty test!
  AStream := TMemoryStream.Create;
  try
    AStream.LoadFromFile('c:\crl\whatever.crl');

    ACrl := TElCertificateRevocationList.Create(nil);
    try
      ACrl.LoadFromStream(AStream);
      //Just a silly test to see if revocation is working
      AIndex := ACrl.Add(AX509Certificate);
      //<=== AIndex always -1 is this a bug?
      if AIndex >= 0 then  // guard: Items[-1] is not a valid entry
      begin
        ARevocationItem := ACrl.Items[AIndex];
        ARevocationItem.RevocationDate := Date-1;
      end;

      // Look the certificate up and treat it as revoked once the
      // revocation date has passed
      AIndex := ACrl.IndexOf(AX509Certificate);
      if AIndex >= 0 then
      begin
        ARevocationItem := ACrl.Items[AIndex];
        if Now > ARevocationItem.RevocationDate then
          Result := false;
      end;
    finally
      ACrl.Free;
    end;
  finally
    AStream.Free;
  end;
end;
#10138
Posted: 05/23/2009 19:15:29
by Eugene Mayevski (EldoS Corp.)

If memory serves (I can't check this right now, but it should be this way):

When you load an existing CRL, it's already signed with a certificate, and so you can add new certificates only if both old and new certificates have common IssuerName. In other words, you can't just add some certificate to some CRL.


Sincerely yours
Eugene Mayevski
#10142
Posted: 05/24/2009 08:23:12
by Marius  (Standard support level)
Joined: 05/23/2009
Posts: 13

Thanks Eugene,

With your comment in mind I started investigating and I found out I was simply using the wrong CRL. I got a couple of them so a mistake is easily made.

Greetings,
Marius
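
The issuer rule from the answer above, and the wrong-CRL mix-up it uncovered, as an added example that is not part of the original thread and is not SecureBlackbox code. It uses the third-party Python `cryptography` package; the CA names, serial numbers, dates and the helper names are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2009, 5, 24)   # constructed clock for the sample data
DAY = datetime.timedelta(days=1)

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(issuer_cn, issuer_key, serial):
    # Constructed end-entity certificate; its own key pair is discarded.
    pub = ec.generate_private_key(ec.SECP256R1()).public_key()
    return (x509.CertificateBuilder().subject_name(name("client"))
            .issuer_name(name(issuer_cn)).public_key(pub).serial_number(serial)
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
            .sign(issuer_key, hashes.SHA256()))

def make_crl(issuer_cn, signing_key, revoked_serials):
    b = (x509.CertificateRevocationListBuilder().issuer_name(name(issuer_cn))
         .last_update(NOW - DAY).next_update(NOW + DAY))
    for serial in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
            .serial_number(serial).revocation_date(NOW - DAY).build())
    return b.sign(signing_key, hashes.SHA256())

def check_crl(cert, crl, issuer_public_key):
    """Return 'wrong-crl', 'bad-signature', 'revoked' or 'good'."""
    if cert.issuer != crl.issuer:        # CRL belongs to a different CA
        return "wrong-crl"
    if not crl.is_signature_valid(issuer_public_key):
        return "bad-signature"           # issuer name matches, signer does not
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if hit is not None else "good"

def demo():
    key_a = ec.generate_private_key(ec.SECP256R1())
    key_b = ec.generate_private_key(ec.SECP256R1())
    cert = make_cert("CA A", key_a, 1001)
    pub_a = key_a.public_key()
    return {
        "right crl": check_crl(cert, make_crl("CA A", key_a, [1001]), pub_a),
        "wrong crl": check_crl(cert, make_crl("CA B", key_b, [1001]), pub_a),
        "forged crl": check_crl(cert, make_crl("CA A", key_b, [1001]), pub_a),
        "not listed": check_crl(cert, make_crl("CA A", key_a, [2002]), pub_a),
    }
```

Reporting "wrong-crl" as its own outcome matters: a serial-number lookup in another CA's CRL simply finds nothing, which is indistinguishable from "not revoked" unless the issuer is compared first.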

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
