EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Certificate Validation

#4481
Posted: 12/12/2007 08:43:40
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

humm

So reason never returns value "2"; when the certificate is revoked it returns "34", right?
#4482
Posted: 12/12/2007 08:56:49
by Dmytro Bogatskyy (EldoS Corp.)

Quote
So reason never returns value "2"; when the certificate is revoked it returns "34", right?

You are right. The correct way is to perform validation with the CA certificate anyway.
The following check will be added in the next version.
Thank you for pointing this out.
#4745
Posted: 01/18/2008 13:10:20
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

Hi,

I have one question about certificates.

If I add the signing certificate to KeyInfo, I use X509Data.Certificate.
But if I want to add various certificates (including the signing one), I use X509Data.CertStorage and leave X509Data.Certificate empty, right?

I tried to add one to Certificate and a different one to CertStorage, but it returns an error on the Sign() call.

So I added the signing certificate and another one to CertStorage. The Sign() call was successful.
Then I verified the signature, using the standard methods validateReferences and validateSignatures, and it returns OK.

My question is:
How do these methods know which one is the signing certificate? They only access the certificate element.

After these methods I should verify whether the certificate used is the one referenced by the SigningCertificate element, comparing (serialnumber, issuerName and digest).
If I have 2 certificates in the KeyInfo, how can I associate each X509Certificate element with the correct Issuer element?

thanks in advance


#4748
Posted: 01/19/2008 02:39:50
by Eugene Mayevski (EldoS Corp.)

1) Please create new topics for new questions. This makes it easier to read and answer the posts.

2) Here's the comment from the source code:

// if CertStorage is nil, Certificate points to the certificate to be used for signing.
// if CertStorage is not nil and Certificate is nil, the certificate to be used for signing is searched using the signature algorithm
// if CertStorage is not nil and Certificate is set to one of CertStorage certificates, the chain is built starting from Certificate


Sincerely yours
Eugene Mayevski
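
The check asked about in #4745 (finding, among several X509Certificate elements in KeyInfo, the one the XAdES SigningCertificate element references), as an added example that is not part of the thread and is not SecureBlackbox code. It uses only Python's standard library; the function names and the sample signature, whose "certificates" are constructed placeholder bytes, are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xades": "http://uri.etsi.org/01903/v1.3.2#"}
# DigestMethod URIs this example accepts, mapped to hashlib names.
DIGESTS = {"http://www.w3.org/2000/09/xmldsig#sha1": "sha1",
           "http://www.w3.org/2001/04/xmlenc#sha256": "sha256"}

def find_signing_cert(signature_xml):
    """Return the KeyInfo certificate whose digest SigningCertificate holds.

    Run it after reference validation, so that SignedProperties (the parent
    of SigningCertificate) is known to be covered by the signature."""
    root = ET.fromstring(signature_xml)
    ref = root.find(".//xades:SigningCertificate/xades:Cert", NS)
    if ref is None:
        return None
    alg = ref.find("xades:CertDigest/ds:DigestMethod", NS).get("Algorithm")
    if alg not in DIGESTS:
        raise ValueError("unsupported digest method: %s" % alg)
    want = base64.b64decode(ref.findtext("xades:CertDigest/ds:DigestValue", namespaces=NS))
    certs = root.iterfind("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    for index, el in enumerate(certs):
        der = base64.b64decode(el.text)  # the digest covers the DER bytes
        if hashlib.new(DIGESTS[alg], der).digest() == want:
            return {"index": index, "der": der,
                    "issuer": ref.findtext("xades:IssuerSerial/ds:X509IssuerName", namespaces=NS),
                    "serial": ref.findtext("xades:IssuerSerial/ds:X509SerialNumber", namespaces=NS)}
    return None  # no KeyInfo certificate matches the signed reference

def build_sample(signer=b"constructed-signer-cert"):
    """Constructed signature skeleton; the 'certificates' are placeholder bytes."""
    b64 = lambda data: base64.b64encode(data).decode()
    digest = b64(hashlib.sha256(b"constructed-signer-cert").digest())
    ca_b64, signer_b64 = b64(b"constructed-CA-cert"), b64(signer)
    return f"""<ds:Signature xmlns:ds="{NS['ds']}" xmlns:xades="{NS['xades']}">
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{ca_b64}</ds:X509Certificate>
<ds:X509Certificate>{signer_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
<ds:Object><xades:QualifyingProperties><xades:SignedProperties>
<xades:SignedSignatureProperties><xades:SigningCertificate><xades:Cert>
<xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>{digest}</ds:DigestValue></xades:CertDigest><xades:IssuerSerial>
<ds:X509IssuerName>CN=Constructed CA</ds:X509IssuerName>
<ds:X509SerialNumber>4660</ds:X509SerialNumber></xades:IssuerSerial>
</xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties>
</xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature>"""
```

With real certificates, parse the matched DER with an X.509 library and compare its issuer name and serial number against the returned `issuer` and `serial` values as well.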


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
