EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Public Key - Ver 4.x upgrade to v5.x

Posted: 03/27/2007 01:55:15
by Paul McIntyre (Standard support level)
Joined: 01/11/2007
Posts: 14

I am using the source code. Are you saying that it works with the source code? As I am unable to get it to do so.

Posted: 03/27/2007 07:13:00
by Eugene Mayevski (Team)

Please ignore my last post. We've mixed two questions - about the license key and about certificate behaviour.

Sincerely yours
Eugene Mayevski

Posted: 03/27/2007 07:14:56
by Ken Ivanov (Team)

We were able to successfully reproduce the issue with connection failure. It was caused by an incorrect certificate validation process (actually, the validation process itself is OK, but the sample certificate is incorrectly loaded by the TElX509Certificate class and this results in failure of the validation process). Please replace the code of the TElAuthorityKeyIdentifierExtension.SetValue() method with the following code to apply the fix:

procedure TElAuthorityKeyIdentifierExtension.SetValue(const Value: BufferType);
var
  Tag, SeqTag : TElASN1ConstrainedTag;
  CurrTagIndex : integer;
begin
  Tag := TElASN1ConstrainedTag.Create;
  try // assumed: try/finally and the Inc() calls are absent from the listing as posted
    if Tag.LoadFromBuffer(@Value[1], Length(Value)) then
      if (Tag.Count = 1) and (Tag.GetField(0).CheckType(SB_ASN1_SEQUENCE, true)) then
      begin
        SeqTag := TElASN1ConstrainedTag(Tag.GetField(0));
        CurrTagIndex := 0;
        if (CurrTagIndex < SeqTag.Count) and (SeqTag.GetField(CurrTagIndex).CheckType($80, false)) then
        begin // keyIdentifier as a primitive [0] tag
          FKeyIdentifier := TElASN1SimpleTag(SeqTag.GetField(CurrTagIndex)).Content;
          Inc(CurrTagIndex);
        end
        else if (CurrTagIndex < SeqTag.Count) and (SeqTag.GetField(CurrTagIndex).CheckType($A0, true)) then
        begin // keyIdentifier as a constructed [0] tag holding an OCTET STRING
          if (TElASN1ConstrainedTag(SeqTag.GetField(CurrTagIndex)).Count > 0) and
            TElASN1ConstrainedTag(SeqTag.GetField(CurrTagIndex)).GetField(0).CheckType(SB_ASN1_OCTETSTRING, false) then
            FKeyIdentifier := TElASN1SimpleTag(TElASN1ConstrainedTag(SeqTag.GetField(CurrTagIndex)).GetField(0)).Content;
          Inc(CurrTagIndex);
        end;
        if (CurrTagIndex < SeqTag.Count) and (SeqTag.GetField(CurrTagIndex).CheckType($A1, true)) then
        begin // authorityCertIssuer [1]
          FAuthorityCertIssuer.LoadFromTag(TElASN1ConstrainedTag(SeqTag.GetField(CurrTagIndex)), true);
          Inc(CurrTagIndex);
        end;
        if (CurrTagIndex < SeqTag.Count) and (SeqTag.GetField(CurrTagIndex).CheckType($82, false)) then
          FAuthorityCertSerial := RotateInteger(TElASN1SimpleTag(SeqTag.GetField(CurrTagIndex)).Content); // authorityCertSerialNumber [2]
      end;
  finally
    Tag.Free;
  end;
end;

After the above changes the connection should be established correctly.
Posted: 03/27/2007 17:58:14
by Paul McIntyre (Standard support level)
Joined: 01/11/2007
Posts: 14

Thanks for the update, but it hasn't worked in my code or the (Indy10) CBServ or CbClient sample apps. Were you able to load it correctly through these sample apps?

It is traversing through the updated SBX509Ext code above.

Any other suggestions?

Posted: 03/28/2007 00:17:41
by Ken Ivanov (Team)

Would you be so kind as to provide us with the following information:
a) what kind of errors are you getting now? Is it still a 'public key not available' exception or 75784 error? On which side (client or server) is the error returned?
b) a call stack that takes place when the error is returned.

Thank you in advance.

Posted: 03/29/2007 00:41:48
by Paul McIntyre (Standard support level)
Joined: 01/11/2007
Posts: 14

I am still receiving the Public Key not available on the Client Side.

Call stack from the CBClient application when exception raised...

:7c812a5b kernel32.RaiseException + 0x52
:00451322 TControl.Click + $6A
:00451725 TControl.DoMouseUp + $31
:00450aa7 TControl.Perform + $27
:00454816 TWinControl.IsControlMouseMsg + $A6
:004659b2 TCustomForm.WndProc + $536
:0045444b TWinControl.MainWndProc + $2F
:00424d56 StdWndProc + $16
:77d48734 USER32.GetDC + 0x6d
:77d48816 ; C:\WINDOWS\system32\USER32.dll
:77d489cd ; C:\WINDOWS\system32\USER32.dll
:77d496c7 USER32.DispatchMessageA + 0xf
:0046d45d TApplication.ProcessMessage + $101

Callstack from the CBServ

:7c812a5b kernel32.RaiseException + 0x52
:00424007 ThreadProc + $37
:0040514e ThreadWrapper + $2A
:7c80b683 ; C:\WINDOWS\system32\kernel32.dll

Let me know if you require any further information.

Posted: 03/29/2007 06:06:55
by Ken Ivanov (Team)

Such a call stack may appear only if there are some problems with the certificates being used. However, it should not appear if 'normal' certificates are used. So the issue looks very strange to us.

BTW, exactly which SecureBlackbox build are you using? Would you be so kind as to try the 5.1.108 pre-release one and check if the issue also occurs with it?

Posted: 03/29/2007 23:01:20
by Paul McIntyre (Standard support level)
Joined: 01/11/2007
Posts: 14

I was using 5.0.107. I even received the error with the certificates provided with the samples, so I don't know where the issue was introduced with the Certificates (and as I said originally my certificates worked under V4.x).

I have upgraded to 5.0.108 and it has fixed the issue.

Thanks for your assistance with this.

Posted: 03/29/2007 23:48:37
by Ken Ivanov (Team)

Great, thank you for letting us know.




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
