EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to: get CRL location from x509 certificate using SecureBlackBox

Posted: 04/28/2006 07:10:48
by Ken Ivanov (EldoS Corp.)

Yes, the CRLIssuer field may be empty. The X.509 specification defines the following relations between the Name and CRLIssuer fields of the CRL distribution points extension:

If the cRLDistributionPoints extension contains a DistributionPointName of type URI, the following semantics MUST be assumed: the URI is a pointer to the current CRL for the associated reasons and will be issued by the associated cRLIssuer. The expected values for the URI are those defined in Processing rules for other values are not defined by this specification. If the distributionPoint omits reasons, the CRL MUST include revocations for all reasons. If the distributionPoint omits cRLIssuer, the CRL MUST be issued by the CA that issued the certificate.
Posted: 09/12/2011 09:13:23
by Petar  (Basic support level)
Joined: 08/31/2011
Posts: 6

Can someone please clarify this? In the end, how do I get a list of CRL locations from my x509 certificate?

Some .NET (C#) code would be useful.

The code listed below does not work (Index was out of range. Must be non-negative and less than the size of the collection.)

Innokentiy Ivanov wrote:

Just to clarify. On my certificate there are two distribution points.
Posted: 09/12/2011 09:31:34
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You should additionally check if Cert.Extensions.CRLDistributionPoints.Count and Cert.Extensions.CRLDistributionPoints.get_DistributionPoints(0).CRLIssuer.Count are not equal to zero. It seems that one of these values is 0.
Posted: 09/12/2011 09:44:56
by Petar  (Basic support level)
Joined: 08/31/2011
Posts: 6

Thank you for your prompt reply. It works now. The value of the first UniformResourceIdentifier was null.

Here is the code for future generations of lazy programmers ;)

// Walk every CRL distribution point and show each name that carries a URI.
TElGeneralNames names = null;
if (selectedCertificate.Extensions.CRLDistributionPoints.Count > 0)
{
    for (int i = 0; i < selectedCertificate.Extensions.CRLDistributionPoints.Count; i++)
    {
        names = selectedCertificate.Extensions.CRLDistributionPoints.get_DistributionPoints(i).Name;

        for (int j = 0; j < names.Count; j++)
        {
            // Skip names whose UniformResourceIdentifier is null.
            if (names.get_Names(j).UniformResourceIdentifier != null)
                MessageBox.Show(String.Format("CRLDistributionPoint: {0} \n", names.get_Names(j).UniformResourceIdentifier), "Info");
        }
    }
}
Posted: 09/13/2011 01:25:20
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you very much for the code. I believe it will help other users to solve the same problem.
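
A reusable form of the loop from this thread, as an added example that is not part of the original posts or of EldoS's own code: it returns the URIs instead of showing message boxes and records whether each distribution point omits cRLIssuer, in which case the CRL must be issued by the CA that issued the certificate. The `TElX509Certificate` parameter type, the `SBX509` / `SBX509Ext` namespaces and the `CrlLocation` / `CrlLocator` names are assumptions; the member calls are the ones used in the thread.

```csharp
using System;
using System.Collections.Generic;
using SBX509;     // assumption: namespace of TElX509Certificate
using SBX509Ext;  // assumption: namespace of TElGeneralNames

// Hypothetical result type: one CRL URI plus who is expected to sign that CRL.
public sealed class CrlLocation
{
    public string Uri;
    // True when the distribution point omits cRLIssuer, so the CRL must be
    // issued by the CA that issued the certificate.
    public bool IssuedByCertificateIssuer;
}

public static class CrlLocator
{
    // Collects every URI-type name from the certificate's CRL distribution points.
    // Returns an empty list when the extension has no distribution points.
    public static List<CrlLocation> GetCrlLocations(TElX509Certificate cert)
    {
        var result = new List<CrlLocation>();
        var points = cert.Extensions.CRLDistributionPoints;

        for (int i = 0; i < points.Count; i++)
        {
            var dp = points.get_DistributionPoints(i);

            // A distribution point may carry no names at all; never index into it blindly.
            TElGeneralNames names = dp.Name;
            if (names == null || names.Count == 0)
                continue;

            // Check Count before touching CRLIssuer entries: an empty list here is
            // what produces "Index was out of range" when element 0 is read.
            bool issuerOmitted = dp.CRLIssuer == null || dp.CRLIssuer.Count == 0;

            for (int j = 0; j < names.Count; j++)
            {
                string uri = names.get_Names(j).UniformResourceIdentifier;
                if (String.IsNullOrEmpty(uri))
                    continue; // name without a URI

                result.Add(new CrlLocation { Uri = uri, IssuedByCertificateIssuer = issuerOmitted });
            }
        }
        return result;
    }
}
```

When `IssuedByCertificateIssuer` is false, a CRL fetched from that URI should be checked against the names in the distribution point's CRLIssuer field rather than against the certificate's issuer.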