|
Forums -> Security Library Forum
Cert Revocation List Format |
|
|
by Mark Szekely [szekely dot mark at gmx dot net] posted on 2004/06/30 |
|
I want to use the VerifyRevocation(byte[]) function in the Certificate class.
I downloaded a base64 encoded CRL from my CA site
(-----BEGIN X509 CRL-----
MIICYDCCAUgCAQEwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAkhVMREwDwYD
VQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2Fn
aSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazFCMEAGA1UEAxM5TmV0
TG9jayBNaW5vc2l0ZXR0IEtvemplZ3l6b2kgKENsYXNzIFFBKSBUYW51c2l0dmFu
eWtpYWRvMR4wHAYJKoZIhvcNAQkBFg9pbmZvQG5ldGxvY2suaHUXDTA0MDYzMDA2
MDAwM1oXDTA0MDcwMTA3MDAwM1owSjAjAgEUFw0wNDA0MjIxOTAwNTVaMA8wDQYD
VR0VAQH/BAMKAQAwIwIBGRcNMDQwNjI5MTgwMDA2WjAPMA0GA1UdFQEB/wQDCgEG
MA0GCSqGSIb3DQEBBQUAA4IBAQAvDUcCHGoZ+jB1cWMqMtD2NfNhC0oLjifMc6WY
whfCGR9aq+MmmekTzhweWDbMhZin4g0UcRTqIKud+T+yS9pxKy8ce6FMX+bvP2es
1TnDyuOxD/yBflUd8abUane7B8E/seV9Z8QV7nU8XJ4r9OeloUEalbKscdRQfNZu
kzaF8dd1tDk7JQ/IMTE5hT/bRe7+xxM/vpAIC9GXBPTIYKs+up/TEgcNP4U7cAI+
il+je5xu4llaArxdtosf2RB5U6N5TaoVkjzN4S1EoZTm2hRuVXBIwE3Jq0/858fC
S9BINZOqVIUar/2evJPJxlp5iP4KOBoUKYlz5GO1ph/Wqpf3
-----END X509 CRL-----)
If I decode this data to a byte array (without the header and trailer), then the VerifyRevocation function works correct.
But if I use a byte array of a p7b CRL file content
then I have a null reference exception.
Which CRL formats supports the security library? How can I transform CRLs to a correct format?
CertificateChain.VerifyChain method has
a Certificate file URL parameter.
Can I use an URL of a CRL here or in any other method?
Thanx,
Mark |
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2004/07/04 |
|
The Security Library supports X509 CRLs [like the one you posted here]. However, as you noticed, the CRL must not be Base64 encoded.
> CertificateChain.VerifyChain method has
> a Certificate file URL parameter.
> Can I use an URL of a CRL here or in any other method?
The 'server' paramterer represents the common name of the certificate; it's not a CRL URL. |
|
|