How to: get CRL location from x509 certificate using SecureBlackBox

#93
Posted: 04/28/2006 07:10:48
by Ken Ivanov (EldoS Corp.)

Yes, the CRLIssuer field may be empty. The X.509 specification defines the following relations between Name and CRLIssuer fields of CRL distribution points extension:
Quote

If the cRLDistributionPoints extension contains a DistributionPointName of type URI, the following semantics MUST be assumed: the URI is a pointer to the current CRL for the associated reasons and will be issued by the associated cRLIssuer. The expected values for the URI are those defined in 4.2.1.7. Processing rules for other values are not defined by this specification. If the distributionPoint omits reasons, the CRL MUST include revocations for all reasons. If the distributionPoint omits cRLIssuer, the CRL MUST be issued by the CA that issued the certificate.
#17485
Posted: 09/12/2011 09:13:23
by Petar  (Basic support level)
Joined: 08/31/2011
Posts: 6

Can someone please clarify this? In the end, how do I get a list of CRL locations from my x509 certificate?

Some .NET (C#) code would be useful.

The code listed below does not work (Index was out of range. Must be non-negative and less than the size of the collection.)

Quote
Innokentiy Ivanov wrote:
Cert.Extensions.CRLDistributionPoints.get_DistributionPoints(0).CRLIssuer.get_Names(0).UniformResourceIdentifier


Just to clarify. On my certificate there are two distribution points.
#17486
Posted: 09/12/2011 09:31:34
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You should additionally check if Cert.Extensions.CRLDistributionPoints.Count and Cert.Extensions.CRLDistributionPoints.get_DistributionPoints(0).CRLIssuer.Count are not equal to zero. It seems that one of these values is 0.
#17487
Posted: 09/12/2011 09:44:56
by Petar  (Basic support level)
Joined: 08/31/2011
Posts: 6

Thank you for your prompt reply. It works now. The value of the first UniformResourceIdentifier was null.

Here is the code for future generations of lazy programmers ;)

Code
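// Holds the general names of the distribution point currently being inspected.
TElGeneralNames names = null;
if (selectedCertificate.Extensions.CRLDistributionPoints.Count > 0)
{
    // A certificate may carry several distribution points; walk all of them.
    for (int i = 0; i < selectedCertificate.Extensions.CRLDistributionPoints.Count; i++)
    {
        // Read the distribution point's Name (the CRL location), not its CRLIssuer, which may be empty.
        names = selectedCertificate.Extensions.CRLDistributionPoints.get_DistributionPoints(i).Name;

        for (int j = 0; j < names.Count; j++)
        {
            // Not every name is a URI; skip entries whose UniformResourceIdentifier is null.
            if (names.get_Names(j).UniformResourceIdentifier != null)
            {
                MessageBox.Show(String.Format("CRLDistributionPoint: {0} \n", names.get_Names(j).UniformResourceIdentifier), "Info");
            }
        }
    }
}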
#17489
Posted: 09/13/2011 01:25:20
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you very much for the code. I believe it will help other users to solve the same problem.
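
The extension structure discussed in this thread, parsed straight from its DER encoding, as an added example that is not part of the original posts and does not use SecureBlackBox. It assumes .NET 5 or later with System.Formats.Asn1; the names CrlLocations and GetCrlUris and the host crl.example are made up for illustration. URIs are taken from the distributionPoint fullName only, and an absent distributionPoint or cRLIssuer is tolerated.

```csharp
using System;
using System.Collections.Generic;
using System.Formats.Asn1;
using System.Security.Cryptography.X509Certificates;

static class CrlLocations // hypothetical helper, not a SecureBlackBox or .NET type
{
    static readonly Asn1Tag Ctx0 = new Asn1Tag(TagClass.ContextSpecific, 0, true);
    static readonly Asn1Tag UriTag = new Asn1Tag(TagClass.ContextSpecific, 6);

    // 2.5.29.31 is id-ce-cRLDistributionPoints; a certificate without it yields an empty list.
    public static List<string> GetCrlUris(X509Certificate2 cert) =>
        cert.Extensions["2.5.29.31"] is X509Extension ext ? GetCrlUris(ext.RawData) : new List<string>();

    public static List<string> GetCrlUris(byte[] extensionDer)
    {
        var uris = new List<string>();
        AsnReader points = new AsnReader(extensionDer, AsnEncodingRules.DER).ReadSequence();
        while (points.HasData)
        {
            AsnReader point = points.ReadSequence();
            // distributionPoint [0] is OPTIONAL; reasons [1] and cRLIssuer [2] are not locations.
            if (!point.HasData || !point.PeekTag().HasSameClassAndValue(Ctx0)) continue;
            AsnReader choice = point.ReadSequence(Ctx0);
            // Only fullName [0] carries GeneralNames; skip nameRelativeToCRLIssuer [1].
            if (!choice.HasData || !choice.PeekTag().HasSameClassAndValue(Ctx0)) continue;
            AsnReader names = choice.ReadSequence(Ctx0);
            while (names.HasData)
            {
                if (names.PeekTag().HasSameClassAndValue(UriTag))
                    uris.Add(names.ReadCharacterString(UniversalTagNumber.IA5String, UriTag));
                else
                    names.ReadEncodedValue(); // non-URI GeneralName (directoryName, dNSName, ...)
            }
        }
        return uris;
    }

    static void Main()
    {
        // Constructed sample: one distribution point whose fullName holds a dNSName, then a URI.
        var dnsTag = new Asn1Tag(TagClass.ContextSpecific, 2);
        var w = new AsnWriter(AsnEncodingRules.DER);
        using (w.PushSequence()) using (w.PushSequence())
        using (w.PushSequence(Ctx0)) using (w.PushSequence(Ctx0))
        {
            w.WriteCharacterString(UniversalTagNumber.IA5String, "crl.example", dnsTag);
            w.WriteCharacterString(UniversalTagNumber.IA5String, "http://crl.example/ca.crl", UriTag);
        }
        foreach (string uri in GetCrlUris(w.Encode())) Console.WriteLine(uri);
    }
}
```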