Setting proxy for CRL retrieving

#18485
Posted: 12/15/2011 10:10:52
by Milan Kovarik (Basic support level)
Joined: 07/13/2011
Posts: 9

Hi,

How could I set a proxy for CRL retrieval by TElX509CertificateValidator?

I use the following code:

TElX509CertificateValidator certificateValidator = new TElX509CertificateValidator();
certificateValidator.CheckCRL = true;
...

When I want to validate a certificate I get "Certification Revocation List for this certificate could not be retrieved and/or validated".

How could I set a proxy that would be needed, please?

Best Regards,

Milan Kovarik
#18487
Posted: 12/15/2011 10:22:58
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

We have two so-called "CRL retrievers" that are used by TElX509CertificateValidator to download CRLs: TElHTTPCRLRetriever, which uses the HTTP protocol, and TElLDAPCRLRetriever, which uses the LDAP protocol.

You can set additional retriever options in the TElX509CertificateValidator.OnBeforeCRLRetrieverUse event handler. You should check the type of its Retriever parameter and then use the corresponding properties.

For TElHTTPCRLRetriever, proxy settings can be adjusted using the TElHTTPCRLRetriever.HTTPClient property (see http://www.eldos.com/documentation/sb...lient.html for a description of its properties).

Regarding TElLDAPCRLRetriever, there is no way to set up a proxy now. If you need this functionality, you can add a request to our wish list: https://www.eldos.com/sbb/wishlist.php
#18495
Posted: 12/16/2011 03:48:27
by Milan Kovarik (Basic support level)
Joined: 07/13/2011
Posts: 9

Thank you, I will try it with HTTPClient.
#19009
Posted: 02/13/2012 09:34:28
by Sam Bortman (Priority Standard support level)
Joined: 02/13/2012
Posts: 9

Quote
Vsevolod Ievgiienko wrote:
Thank you for contacting us.

We have two so-called "CRL retrievers" that are used by TElX509CertificateValidator to download CRLs: TElHTTPCRLRetriever, which uses the HTTP protocol, and TElLDAPCRLRetriever, which uses the LDAP protocol.

You can set additional retriever options in the TElX509CertificateValidator.OnBeforeCRLRetrieverUse event handler. You should check the type of its Retriever parameter and then use the corresponding properties.

For TElHTTPCRLRetriever, proxy settings can be adjusted using the TElHTTPCRLRetriever.HTTPClient property (see http://www.eldos.com/documentation/sb...lient.html for a description of its properties).
#19010
Posted: 02/13/2012 09:38:34
by Sam Bortman (Priority Standard support level)
Joined: 02/13/2012
Posts: 9

Hi, Vsevolod.

I've tried implementing CRL/OCSP retrieval via TElHTTPCRLRetriever and TElHTTPOCSPClient (by assigning OnBeforeCRLRetrieverUse and OnBeforeOCSPClientUse), but I'm running into problems.

Is there any sample source I can reference or use as a template?

Thanks!
Sam.

EDIT: the quote seems to have gone into a separate post. My two posts are actually one.
#19016
Posted: 02/13/2012 12:22:02
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

What exact problems do you have?
#19017
Posted: 02/13/2012 12:37:23
by Eugene Mayevski (EldoS Corp.)

You don't need to create new objects. Just cast the passed parameter to TElHTTPOCSPClient and adjust the HTTPS client's properties by accessing the client via the HTTPClient property of TElHTTPOCSPClient. There's no sample because the procedure is trivial: a simple typecast.


Sincerely yours
Eugene Mayevski
#19018
Posted: 02/13/2012 12:48:23
by Eugene Mayevski (EldoS Corp.)

I'll modify one of the samples for you, please wait a minute.


Sincerely yours
Eugene Mayevski
#19019
Posted: 02/13/2012 13:24:47
by Eugene Mayevski (EldoS Corp.)

Here's the piece of code that you need:

Code
      private void CertificateValidator_OnBeforeOCSPClientUse(object Sender, TElX509Certificate Certificate, TElX509Certificate CACertificate, string OCSPLocation, ref SBOCSPClient.TElOCSPClient OCSPClient)
      {
         ((SBHTTPOCSPClient.TElHTTPOCSPClient)OCSPClient).HTTPClient.UseHTTPProxy = HTTPSClient.UseHTTPProxy;
         ((SBHTTPOCSPClient.TElHTTPOCSPClient)OCSPClient).HTTPClient.HTTPProxyHost = HTTPSClient.HTTPProxyHost;
         ((SBHTTPOCSPClient.TElHTTPOCSPClient)OCSPClient).HTTPClient.HTTPProxyPort = HTTPSClient.HTTPProxyPort;
         ((SBHTTPOCSPClient.TElHTTPOCSPClient)OCSPClient).HTTPClient.HTTPProxyUsername = HTTPSClient.HTTPProxyUsername;
         ((SBHTTPOCSPClient.TElHTTPOCSPClient)OCSPClient).HTTPClient.HTTPProxyPassword = HTTPSClient.HTTPProxyPassword;
      }

      private void CertificateValidator_OnBeforeCRLRetrieverUse(object Sender, TElX509Certificate Certificate, TElX509Certificate CACertificate, SBX509Ext.TSBGeneralName NameType, string Location, ref SBCRLStorage.TElCustomCRLRetriever Retriever)
      {
         ((SBHTTPCRL.TElHTTPCRLRetriever)Retriever).HTTPClient.UseHTTPProxy = HTTPSClient.UseHTTPProxy;
         ((SBHTTPCRL.TElHTTPCRLRetriever)Retriever).HTTPClient.HTTPProxyHost = HTTPSClient.HTTPProxyHost;
         ((SBHTTPCRL.TElHTTPCRLRetriever)Retriever).HTTPClient.HTTPProxyPort = HTTPSClient.HTTPProxyPort;
         ((SBHTTPCRL.TElHTTPCRLRetriever)Retriever).HTTPClient.HTTPProxyUsername = HTTPSClient.HTTPProxyUsername;
         ((SBHTTPCRL.TElHTTPCRLRetriever)Retriever).HTTPClient.HTTPProxyPassword = HTTPSClient.HTTPProxyPassword;
      }


Sincerely yours
Eugene Mayevski
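Eugene's snippet casts the passed-in retriever unconditionally, which is fine as long as only the HTTP retriever is ever handed in. As an added example (not EldoS's code and not from this thread), the same idea with the type check Vsevolod mentioned, so that a TElLDAPCRLRetriever (which has no proxy support) is skipped rather than failing the cast, and one proxy configuration is applied to both the CRL and the OCSP paths. The namespaces SBX509, SBCertValidator and SBHTTPSClient, the TElHTTPSClient type of the HTTPClient property, and the ProxySettings holder class are assumptions; the event names and proxy property names are those from the thread.

```csharp
using SBX509;          // TElX509Certificate (namespace name assumed)
using SBCertValidator; // TElX509CertificateValidator (namespace name assumed)
using SBHTTPSClient;   // TElHTTPSClient (namespace name assumed)

// Proxy parameters as plain values, so the handlers do not depend on a live HTTPSClient object.
public sealed class ProxySettings
{
    public bool Enabled; public string Host; public int Port;
    public string Username; public string Password;
}

public sealed class ProxiedRevocationChecks
{
    private readonly ProxySettings _proxy;
    public ProxiedRevocationChecks(ProxySettings proxy) { _proxy = proxy; }

    // Wire both handlers once; the validator raises them for every CRL distribution point
    // and OCSP responder it has to contact while validating a chain.
    public void Attach(TElX509CertificateValidator validator)
    {
        validator.CheckCRL = true;
        validator.OnBeforeCRLRetrieverUse += Validator_OnBeforeCRLRetrieverUse;
        validator.OnBeforeOCSPClientUse += Validator_OnBeforeOCSPClientUse;
    }

    private void Validator_OnBeforeCRLRetrieverUse(object Sender, TElX509Certificate Certificate,
        TElX509Certificate CACertificate, SBX509Ext.TSBGeneralName NameType, string Location,
        ref SBCRLStorage.TElCustomCRLRetriever Retriever)
    {
        // Only the HTTP retriever exposes HTTPClient. An LDAP or custom retriever is left
        // untouched, and the ref parameter is never replaced with a new object.
        var http = Retriever as SBHTTPCRL.TElHTTPCRLRetriever;
        if (http != null) Apply(http.HTTPClient);
    }

    private void Validator_OnBeforeOCSPClientUse(object Sender, TElX509Certificate Certificate,
        TElX509Certificate CACertificate, string OCSPLocation, ref SBOCSPClient.TElOCSPClient OCSPClient)
    {
        var http = OCSPClient as SBHTTPOCSPClient.TElHTTPOCSPClient;
        if (http != null) Apply(http.HTTPClient);
    }

    // Copies the same proxy settings onto whichever HTTP client the validator is about to use.
    private void Apply(TElHTTPSClient client)
    {
        client.UseHTTPProxy = _proxy.Enabled;
        client.HTTPProxyHost = _proxy.Host;
        client.HTTPProxyPort = _proxy.Port;
        client.HTTPProxyUsername = _proxy.Username;
        client.HTTPProxyPassword = _proxy.Password;
    }
}
```

If the proxy still blocks the download, the validator keeps reporting the "could not be retrieved and/or validated" result from the first post; the handlers only change how the fetch is routed, not whether a missing CRL is accepted.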
#19033
Posted: 02/14/2012 08:54:13
by Sam Bortman (Priority Standard support level)
Joined: 02/13/2012
Posts: 9

Hi, Eugene.

Sorry for not getting back to you sooner with the specific errors I was getting, per your request. These were mostly runtime access violations when using OCSP. For some odd reason I didn't get runtime errors when dealing with CRLs. But then again, I don't even know if the CRL code was working as intended, anyway (likely not.)

And thanks for taking the time to create sample code.

It seems like I originally got it all wrong and went about instantiating new objects and such (even tried to assign back to the by-ref retriever), not at all like the typecasting you suggest. I will grab your example and adapt it to the code at hand and will give it a try.

Many thanks!
Sam.