Cert Revocation List Format  
by Mark Szekely [szekely dot mark at gmx dot net]
posted on 2004/06/30

I want to use the VerifyRevocation(byte[]) function in the Certificate class.

I downloaded a base64 encoded CRL from my CA site
(-----BEGIN X509 CRL----- [...] -----END X509 CRL-----)

If I decode this data to a byte array (without the header and trailer), then the VerifyRevocation function works correctly.
But if I use a byte array of a p7b CRL file content
then I have a null reference exception.

Which CRL formats does the security library support? How can I transform CRLs to a correct format?

CertificateChain.VerifyChain method has
a Certificate file URL parameter.
Can I use a URL of a CRL here or in any other method?

Thanx,
Mark

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2004/07/04

The Security Library supports X509 CRLs [like the one you posted here]. However, as you noticed, the CRL must not be Base64 encoded.

> CertificateChain.VerifyChain method has
> a Certificate file URL parameter.
> Can I use an URL of a CRL here or in any other method?

The 'server' parameter represents the common name of the certificate; it's not a CRL URL.
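
An added example, not part of the thread or of the Security Library: a C# helper that turns a PEM-armored CRL into the raw DER bytes that `VerifyRevocation(byte[])` accepted in the question, and tells a bare X.509 CRL apart from a PKCS#7 (.p7b) container by the first tag inside the outer SEQUENCE. `CrlInput`, `ToDer` and `Classify` are hypothetical names, and the sample inputs are constructed skeletons rather than real CRLs.

```csharp
using System;
using System.Text;

public static class CrlInput
{
    const string Begin = "-----BEGIN X509 CRL-----";
    const string End = "-----END X509 CRL-----";

    // Returns raw DER: strips the PEM header/trailer and Base64-decodes if present.
    public static byte[] ToDer(byte[] file)
    {
        string text = Encoding.ASCII.GetString(file);
        int start = text.IndexOf(Begin, StringComparison.Ordinal);
        if (start < 0) return file;                    // no armor: treat as binary
        start += Begin.Length;
        int end = text.IndexOf(End, start, StringComparison.Ordinal);
        if (end < 0) throw new FormatException("PEM trailer missing");
        // FromBase64String ignores the line breaks inside the PEM body.
        return Convert.FromBase64String(text.Substring(start, end - start));
    }

    // "crl" for an X.509 CertificateList, "pkcs7" for a PKCS#7 ContentInfo (.p7b).
    public static string Classify(byte[] der)
    {
        if (der.Length < 3 || der[0] != 0x30) return "unknown";  // outer SEQUENCE
        // Skip the outer tag and its length (short form, or 0x80|n + n bytes).
        int inner = 2 + ((der[1] & 0x80) != 0 ? der[1] & 0x7F : 0);
        if (inner >= der.Length) return "unknown";
        if (der[inner] == 0x30) return "crl";    // first field: tbsCertList SEQUENCE
        if (der[inner] == 0x06) return "pkcs7";  // first field: contentType OID
        return "unknown";
    }

    public static void Main()
    {
        // Constructed skeletons, not real CRLs: only the outer structure is present.
        byte[] pem = Encoding.ASCII.GetBytes(Begin + "\nMAQwAgUA\n" + End + "\n");
        byte[] p7b = { 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
        Console.WriteLine(Classify(ToDer(pem)));  // armored CRL, decoded first
        Console.WriteLine(Classify(ToDer(p7b)));  // binary PKCS#7 container
        Console.WriteLine(Classify(pem));         // armored text passed undecoded
    }
}
```

Only bytes that classify as a bare CRL match the format the answer above says the library supports; a .p7b file wraps its contents in a PKCS#7 structure instead.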

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/