EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Public Key - Ver 4.x upgrade to v5.x

#2629
Posted: 03/27/2007 01:55:15
by Paul McIntyre (Standard support level)
Joined: 01/11/2007
Posts: 14

I am using the source code. Are you saying that it works with the source code? As I am unable to get it to do so.
#2630
Posted: 03/27/2007 07:13:00
by Eugene Mayevski (EldoS Corp.)

Please ignore my last post. We've mixed two questions - about the license key and about certificate behaviour.


Sincerely yours
Eugene Mayevski
#2631
Posted: 03/27/2007 07:14:56
by Ken Ivanov (EldoS Corp.)

We were able to successfully reproduce the issue with connection failure. It was caused by an incorrect certificate validation process (actually, the validation process itself is OK, but the sample certificate is incorrectly loaded by the TElX509Certificate class, and this results in failure of the validation process). Please replace the code of the TElAuthorityKeyIdentifierExtension.SetValue() method with the following code to apply the fix:
Code
procedure TElAuthorityKeyIdentifierExtension.SetValue(const Value: BufferType);
var
  Tag, SeqTag : TElASN1ConstrainedTag;
  CurrTagIndex : integer;
begin
  inherited;
  Tag := TElASN1ConstrainedTag.Create;
  try
    if Tag.LoadFromBuffer(@Value[1], Length(Value)) then
    begin
      if (Tag.Count = 1) and (Tag.GetField(0).CheckType(SB_ASN1_SEQUENCE, true)) then
      begin
        SeqTag := TElASN1ConstrainedTag(Tag.GetField(0));
        CurrTagIndex := 0;
        if (CurrTagIndex < SeqTag.Count) and (SeqTag.GetField(CurrTagIndex).CheckType($80, false)) then
        begin
          FKeyIdentifier := TElASN1SimpleTag(SeqTag.GetField(CurrTagIndex)).Content;
          Inc(CurrTagIndex);
        end
        else if (CurrTagIndex < SeqTag.Count) and (SeqTag.GetField(CurrTagIndex).CheckType($A0, true)) then
        begin
          if (TElASN1ConstrainedTag(SeqTag.GetField(CurrTagIndex)).Count > 0) and
            TElASN1ConstrainedTag(SeqTag.GetField(CurrTagIndex)).GetField(0).CheckType(SB_ASN1_OCTETSTRING, false) then
            FKeyIdentifier := TElASN1SimpleTag(TElASN1ConstrainedTag(SeqTag.GetField(CurrTagIndex)).GetField(0)).Content;
          Inc(CurrTagIndex);
        end;
        if (CurrTagIndex < SeqTag.Count) and (SeqTag.GetField(CurrTagIndex).CheckType($A1, true)) then
        begin
          FAuthorityCertIssuer.LoadFromTag(TElASN1ConstrainedTag(SeqTag.GetField(CurrTagIndex)), true);
          Inc(CurrTagIndex);
        end;
        if (CurrTagIndex < SeqTag.Count) and (SeqTag.GetField(CurrTagIndex).CheckType($82, false)) then
        begin
          FAuthorityCertSerial := RotateInteger(TElASN1SimpleTag(SeqTag.GetField(CurrTagIndex)).Content);
        end;
      end
      else
        RaiseInvalidExtensionError;
    end
    else
      RaiseInvalidExtensionError;
  finally
    FreeAndNil(Tag);
  end;
end;

After the above changes the connection should be established correctly.
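
The SetValue() code posted above accepts the key identifier either as a primitive [0] element (tag $80) or as a constructed [0] element (tag $A0) wrapping an OCTET STRING, followed by the optional $A1 issuer and $82 serial fields. The same tag walk as a standalone Python sketch, added here for illustration and not part of the original post or of SecureBlackbox; the helper names and sample byte strings are constructed, and the serial is returned as a plain integer rather than through RotateInteger:

```python
# Added example; helper names and sample bytes are constructed, not EldoS code.
def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for one DER TLV (single-byte tags only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def parse_aki(value):
    tag, body, end = read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("expected exactly one SEQUENCE")
    fields, i = children(body), 0
    aki = {"key_identifier": None, "issuer_der": None, "serial": None}
    if i < len(fields) and fields[i][0] == 0x80:      # [0] primitive
        aki["key_identifier"] = fields[i][1]
        i += 1
    elif i < len(fields) and fields[i][0] == 0xA0:    # [0] constructed
        inner = children(fields[i][1])
        if inner and inner[0][0] == 0x04:             # wrapped OCTET STRING
            aki["key_identifier"] = inner[0][1]
        i += 1
    if i < len(fields) and fields[i][0] == 0xA1:      # authorityCertIssuer, kept raw
        aki["issuer_der"] = fields[i][1]
        i += 1
    if i < len(fields) and fields[i][0] == 0x82:      # authorityCertSerialNumber
        aki["serial"] = int.from_bytes(fields[i][1], "big", signed=True)
    return aki

IMPLICIT = bytes.fromhex("30068004deadbeef")          # constructed sample, $80 form
EXPLICIT = bytes.fromhex("3008a0060404deadbeef")      # constructed sample, $A0 form
WITH_SERIAL = bytes.fromhex("300a8004deadbeef820201f4")
```

Both encodings of the key identifier yield the same bytes, and truncated or non-SEQUENCE input raises ValueError instead of being read past the buffer.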
#2633
Posted: 03/27/2007 17:58:14
by Paul McIntyre (Standard support level)
Joined: 01/11/2007
Posts: 14

Thanks for the update, but it hasn't worked in my code or the (Indy10) CBServ or CbClient sample apps. Were you able to load it correctly through these sample apps?

It is traversing through the updated SBX509Ext code above.

Any other suggestions?
#2634
Posted: 03/28/2007 00:17:41
by Ken Ivanov (EldoS Corp.)

Would you be so kind as to provide us with the following information:
a) what kind of errors are you getting now? Is it still a 'public key not available' exception or 75784 error? On which side (client or server) is the error returned?
b) a call stack that takes place when the error is returned.

Thank you in advance.
#2642
Posted: 03/29/2007 00:41:48
by Paul McIntyre (Standard support level)
Joined: 01/11/2007
Posts: 14

I am still receiving the Public Key not available on the Client Side.

Call stack from the CBClient application when exception raised...

Quote
:7c812a5b kernel32.RaiseException + 0x52
SBPublicKeyCrypto.TElPublicKeyCrypto.Encrypt($AD0D84,48,nil,???)
SBClient.TElSecureClient.TLS1SendClientKeyExchange
SBClient.TElSecureClient.TLS1ParseServerHelloDone
SBClient.TElSecureClient.TLS1ParseOnHandshakeLayer($AA0BC5,4)
SBClient.TElSecureClient.TLS1ParseOnRecordLayer($AA0BC5,4,ctHandshake)
SBClient.TElSecureClient.AnalyzeBuffer
SBClient.TElSecureClient.DataAvailable
SBIndyIOHandler10.TElClientIndySSLIOHandlerSocket.StartSSL
SBIndyIOHandler10.TElClientIndySSLIOHandlerSocket.ConnectClient
IdIOHandlerSocket.TIdIOHandlerSocket.Open
SBIndyIOHandler10.TElClientIndySSLIOHandlerSocket.Open
IdTCPClient.TIdTCPClientCustom.Connect
MainForm.TForm1.SpeedButton1Click(???)
:00451322 TControl.Click + $6A
:00451725 TControl.DoMouseUp + $31
:00450aa7 TControl.Perform + $27
:00454816 TWinControl.IsControlMouseMsg + $A6
:004659b2 TCustomForm.WndProc + $536
:0045444b TWinControl.MainWndProc + $2F
:00424d56 StdWndProc + $16
:77d48734 USER32.GetDC + 0x6d
:77d48816 ; C:\WINDOWS\system32\USER32.dll
:77d489cd ; C:\WINDOWS\system32\USER32.dll
:77d496c7 USER32.DispatchMessageA + 0xf
:0046d45d TApplication.ProcessMessage + $101
:01000100



Callstack from the CBServ

Quote
:7c812a5b kernel32.RaiseException + 0x52
SBIndyServerIOHandler10.TElClientServerIndySSLIOHandlerSocket.StartSSL
SBIndyIOHandler10.TElClientIndySSLIOHandlerSocket.AfterAccept
SBIndyServerIOHandler10.TElIndySSLServerIOHandler.Accept($B70E40,???,$B955A0)
IdCustomTCPServer.TIdListenerThread.Run
IdThread.TIdThread.Execute
:00424007 ThreadProc + $37
:0040514e ThreadWrapper + $2A
:7c80b683 ; C:\WINDOWS\system32\kernel32.dll


Let me know if you require any further information.
#2644
Posted: 03/29/2007 06:06:55
by Ken Ivanov (EldoS Corp.)

Such a call stack may appear only if there are some problems with the certificates being used. However, it should not appear if 'normal' certificates are used. So the issue looks very strange to us.

BTW, exactly which SecureBlackbox build are you using? Would you be so kind as to try the 5.1.108 pre-release one and check if the issue also occurs with it?
#2650
Posted: 03/29/2007 23:01:20
by Paul McIntyre (Standard support level)
Joined: 01/11/2007
Posts: 14

I was using 5.0.107. I even received the error with the certificates provided with the samples, so I don't know where the issue was introduced with the Certificates (and as I said originally my certificates worked under V4.x).

I have upgraded to 5.0.108 and it has fixed the issue.

Thanks for your assistance with this.
#2651
Posted: 03/29/2007 23:48:37
by Ken Ivanov (EldoS Corp.)

Great, thank you for letting us know.
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
