EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to: get CRL location from x509 certificate using SecureBlackBox

Posted: 04/28/2006 07:10:48
by Ken Ivanov (Team)

Yes, the CRLIssuer field may be empty. The X.509 specification defines the following relations between Name and CRLIssuer fields of CRL distribution points extension:

If the cRLDistributionPoints extension contains a DistributionPointName of type URI, the following semantics MUST be assumed: the URI is a pointer to the current CRL for the associated reasons and will be issued by the associated cRLIssuer. The expected values for the URI are those defined in Processing rules for other values are not defined by this specification. If the distributionPoint omits reasons, the CRL MUST include revocations for all reasons. If the distributionPoint omits cRLIssuer, the CRL MUST be issued by the CA that issued the certificate.
Posted: 09/12/2011 09:13:23
by Petar  (Basic support level)
Joined: 08/31/2011
Posts: 6

Can someone please clarify this? In the end, how do I get a list of CRL locations from my x509 certificate?

Some .NET (C#) code would be useful.

The code listed below does not work (Index was out of range. Must be non-negative and less than the size of the collection.)

Innokentiy Ivanov wrote:

Just to clarify. On my certificate there are two distribution points.
Posted: 09/12/2011 09:31:34
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

You should additionally check if Cert.Extensions.CRLDistributionPoints.Count and Cert.Extensions.CRLDistributionPoints.get_DistributionPoints(0).CRLIssuer.Count are not equal to zero. It seems that one of these values is 0.
Posted: 09/12/2011 09:44:56
by Petar  (Basic support level)
Joined: 08/31/2011
Posts: 6

Thank you for your prompt reply. It works now. Value of first UniformResourceIdentifier was null.

Here is the code for future generations of lazy programmers ;)

// Walk every CRL distribution point and show each URI-type name it carries.
if (selectedCertificate.Extensions.CRLDistributionPoints.Count > 0)
{
    for (int i = 0; i < selectedCertificate.Extensions.CRLDistributionPoints.Count; i++)
    {
        TElGeneralNames names = selectedCertificate.Extensions.CRLDistributionPoints.get_DistributionPoints(i).Name;

        // Braces keep this loop inside the outer one, so every distribution point is examined, not only the last.
        for (int j = 0; j < names.Count; j++)
        {
            // Skip name entries that carry no URI.
            if (names.get_Names(j).UniformResourceIdentifier != null)
                MessageBox.Show(String.Format("CRLDistributionPoint: {0} \n", names.get_Names(j).UniformResourceIdentifier), "Info");
        }
    }
}
Posted: 09/13/2011 01:25:20
by Vsevolod Ievgiienko (Team)

Thank you very much for the code. I believe it will help other users to solve the same problem.
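
Added example, not part of the original thread and not SecureBlackBox code: a library-independent Python parser for the raw cRLDistributionPoints extension value, showing why a name entry in a distribution point can carry no URI and why cRLIssuer may be absent. The function names, sample bytes and hostnames are constructed for illustration.

```python
def tlv(tag, body):
    """Encode one DER element (short-form length only; used to build the sample)."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode the DER element at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Yield (tag, content) for each element packed inside a constructed value."""
    pos = 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        yield tag, value

def crl_distribution_points(ext_value):
    """Return one dict per DistributionPoint in a cRLDistributionPoints value."""
    tag, seq, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF DistributionPoint")
    points = []
    for _, dp in children(seq):
        point = {"uris": [], "non_uri_names": 0, "crl_issuer_present": False}
        for ftag, fval in children(dp):
            if ftag == 0xA0:  # distributionPoint [0]
                for ctag, cval in children(fval):
                    if ctag != 0xA0:  # nameRelativeToCRLIssuer [1]: no GeneralNames
                        continue
                    for ntag, nval in children(cval):  # fullName [0] GeneralNames
                        if ntag == 0x86:  # uniformResourceIdentifier [6] IA5String
                            point["uris"].append(nval.decode("ascii"))
                        else:  # any other GeneralName form has no URI to show
                            point["non_uri_names"] += 1
            elif ftag == 0xA2:  # cRLIssuer [2]; when absent, the certificate's CA issues the CRL
                point["crl_issuer_present"] = True
        points.append(point)
    return points

# Constructed sample: two distribution points; the first starts with a non-URI name.
DIRNAME = tlv(0xA4, tlv(0x30, b""))  # directoryName [4] holding an empty Name
SAMPLE = tlv(0x30,
    tlv(0x30, tlv(0xA0, tlv(0xA0, DIRNAME + tlv(0x86, b"http://crl.example.test/ca.crl")))) +
    tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, b"ldap://dir.example.test/cn=ca"))) + tlv(0xA2, DIRNAME)))
```
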


