RE: How to retrive the delta CRL location and revocation reason?
Hi Team, I am seeing the segmentation fault while executing the DELTA CDP retrieval code for second time. Should I need to clean the strings after created by the OBJ_create() function? Please have a look at the piece of code. First time it is running fine. Second time it is giving segmatation fault at OBJ_create(). How to avoid this? Any thoughts on the same are appreciated. Int i, ii, nid var; X509_CRL crl; DIST_POINT *pnt, *pnt1; nid = OBJ_create("2.5.29.46", "DCRLDP", "Dela CRL Distribution Point"); X509V3_EXT_add_alias(nid, NID_crl_distribution_points); pnt = X509_CRL_get_ext_d2i(crl, nid, &var, NULL); ii = sk_DIST_POINT_num(pnt); for (i = 0; i < sk_DIST_POINT_num(pnt); i++) { pnt1 = sk_DIST_POINT_value(pnt, i); if(pnt1->distpoint) { if(pnt1->distpoint->type == 0) { int j=0; GENERAL_NAMES *gen; GENERAL_NAME *gen1; gen = pnt1->distpoint->name.fullname; for(j = 0; jtype); switch (gen1->type) { case GEN_URI: printf("Here is the DELTA CDP. GOT IT\n"); printf("%s\n",gen1->d.ia5->data); strcpy(delta_cdp, (char*)gen1->d.ia5->data); break; } } } } } == -Original Message- From: Surendra Babu Ande (WT01 - SOFTWARE PRODUCTS GROUP) Sent: Monday, September 04, 2006 6:13 PM To: 'openssl-users@openssl.org' Subject: RE: How to retrive the delta CRL location and revocation reason? Hi, Thank you for the information. I enabled the Freshest CRL extension in base CRL thru our LONGHORN server settings. Now I could get the Delta CRL's CDP succcessfully. Thanks a lot. Millions of Thanks for your help, -Surendra -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Saturday, September 02, 2006 10:35 PM To: openssl-users@openssl.org Subject: Re: How to retrive the delta CRL location and revocation reason? On Sat, Sep 02, 2006, [EMAIL PROTECTED] wrote: > > Hi, > > Please have a look at the attached delta crl, base crl and certificate. > I could retrieve the CDP for base crl using traditional way. But I am > seeing problem in retrieving the CDP of delta crl. > Well among other things that certificate doesn't include a delta CRLDP in its extension which explains why you can't find it... Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to retrive the delta CRL location and revocation reason?
Hi, Thank you for the information. I enabled the Freshest CRL extension in base CRL thru our LONGHORN server settings. Now I could get the Delta CRL's CDP succcessfully. Thanks a lot. Millions of Thanks for your help, -Surendra -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Saturday, September 02, 2006 10:35 PM To: openssl-users@openssl.org Subject: Re: How to retrive the delta CRL location and revocation reason? On Sat, Sep 02, 2006, [EMAIL PROTECTED] wrote: > > Hi, > > Please have a look at the attached delta crl, base crl and certificate. > I could retrieve the CDP for base crl using traditional way. But I am > seeing problem in retrieving the CDP of delta crl. > Well among other things that certificate doesn't include a delta CRLDP in its extension which explains why you can't find it... Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to retrive the delta CRL location and revocation reason?
On Sat, Sep 02, 2006, [EMAIL PROTECTED] wrote: > > Hi, > > Please have a look at the attached delta crl, base crl and certificate. > I could retrieve the CDP for base crl using traditional way. But I am > seeing problem in retrieving the CDP of delta crl. > Well among other things that certificate doesn't include a delta CRLDP in its extension which explains why you can't find it... Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to retrive the delta CRL location and revocation reason?
Hi, Please have a look at the attached delta crl, base crl and certificate. I could retrieve the CDP for base crl using traditional way. But I am seeing problem in retrieving the CDP of delta crl. Have a look at the code snipet and also the outout of the code. Thanks a lot for your help. Code snippet: //AIM: Retrieve the CDP of delta CRL DIST_POINT *pnt, *pnt1; int nid, var; nid = OBJ_create("2.5.29.46", "DCRLDP", "Dela CRL Distribution Point"); X509V3_EXT_add_alias(nid, NID_crl_distribution_points); pnt = X509_get_ext_d2i(x, nid, &var, NULL); printf("X509_get_ext_d2i-- var returns [%d]\n", var); if (pnt != NULL) printf("X509_get_ext_d2i returns [%u]\n", pnt); if (pnt == NULL) printf("X509_get_ext_d2i returns NULL, [%u]\n", pnt); *** @@@ Output for the above code snippet for CDP DELTA CRL: X509_get_ext_d2i-- var returns [-1] X509_get_ext_d2i returns NULL, [0] @@@ Actual Behavior: I supposed to get 0 instead of -1 and pnt should not be NULL. Am I missing some thing? Could you please throw some light on this? (THOUSAND)**(THOUSAND) THANKS for your help. -Surendra -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Friday, September 01, 2006 10:39 PM To: openssl-users@openssl.org Subject: Re: How to retrive the delta CRL location and revocation reason? On Fri, Sep 01, 2006, [EMAIL PROTECTED] wrote: > > Hi, > > Thanks a lot for clarification. But still I am NOT able to retrieve it. > > I followed below mentioned logic to retrive the delta crl as per your > suggestion. > But it not NOT extracting the cdp of delta crl. Could you please > throw some light on this? > I am using the nid in X509_get_ext_d2i() function. Is it correct? > Print out the error message in X509_get_ext_d2i() (see FAQ). Also can you post the certificate or send it to me privately. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to retrive the delta CRL location and revocation reason?
On Fri, Sep 01, 2006, [EMAIL PROTECTED] wrote: > > Hi, > > Thanks a lot for clarification. But still I am NOT able to retrieve it. > > I followed below mentioned logic to retrive the delta crl as per your > suggestion. > But it not NOT extracting the cdp of delta crl. Could you please throw > some light on this? > I am using the nid in X509_get_ext_d2i() function. Is it correct? > Print out the error message in X509_get_ext_d2i() (see FAQ). Also can you post the certificate or send it to me privately. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to retrive the delta CRL location and revocation reason?
Hi, Thanks a lot for clarification. But still I am NOT able to retrieve it. I followed below mentioned logic to retrive the delta crl as per your suggestion. But it not NOT extracting the cdp of delta crl. Could you please throw some light on this? I am using the nid in X509_get_ext_d2i() function. Is it correct? int nid; DIST_POINT *pnt, *pnt1; nid = OBJ_create("2.5.29.46", "DCRLDP", "Dela CRL Distribution Point"); X509V3_EXT_add_alias(nid, NID_crl_distribution_points); pnt = X509_get_ext_d2i(x, nid, NULL, NULL); I followed this logic to extract the cdp for base crl. But for Delta crl, It is NOT going in to this for loop. sk_DIST_POINT_num(pnt) is returning -1. for (i = 0; i < sk_DIST_POINT_num(pnt); i++) { pnt1 = sk_DIST_POINT_value(pnt, i); if(pnt1->distpoint) { if(pnt1->distpoint->type == 0) { int j=0; GENERAL_NAMES *gen; GENERAL_NAME *gen1; printf(" DELTA_CRL\n"); gen = pnt1->distpoint->name.fullname; for(j = 0; jtype); switch (gen1->type) { case GEN_DNS: printf("DNS"); break; case GEN_URI: printf("Here is the DELTA CDP\n"); printf("%s\n",gen1->d.ia5->data); break; } } } } }//for. Could you please let me know, if I am missing something? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Friday, September 01, 2006 6:27 PM To: openssl-users@openssl.org Subject: Re: How to retrive the delta CRL location and revocation reason? On Thu, Aug 31, 2006, [EMAIL PROTECTED] wrote: > > Hi, > I am working on CRL validation. I am using openssl 0.9.8b. > > QUESTION: How to retrive the CDP for Delta CRL? > > Procedure: > Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL > directly. > However you can add the OID manually using OBJ_create() and alias the > extension to CRLDP and retrieve it that way. > > Could you please elaborate the same? > Well something like this... First you need to create an OID for Delta CRLDP: int nid; nid = OBJ_create("2.5.29.46", "DCRLDP", "Dela CRL Distribution Point"); X509V3_EXT_add_alias(nid, NID_crl_distribution_points); After that you can use the X509_CRL_get_ext_d2i() using "nid" and it should be parsed OK. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to retrive the delta CRL location and revocation reason?
On Thu, Aug 31, 2006, [EMAIL PROTECTED] wrote: > > Hi, > I am working on CRL validation. I am using openssl 0.9.8b. > > QUESTION: How to retrive the CDP for Delta CRL? > > Procedure: > Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL > directly. > However you can add the OID manually using OBJ_create() and alias the > extension to CRLDP and retrieve it that way. > > Could you please elaborate the same? > Well something like this... First you need to create an OID for Delta CRLDP: int nid; nid = OBJ_create("2.5.29.46", "DCRLDP", "Dela CRL Distribution Point"); X509V3_EXT_add_alias(nid, NID_crl_distribution_points); After that you can use the X509_CRL_get_ext_d2i() using "nid" and it should be parsed OK. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to retrive the delta CRL location and revocation reason?
Hi, I am working on CRL validation. I am using openssl 0.9.8b. QUESTION: How to retrive the CDP for Delta CRL? Please let me know the way to do it. Thousand thanks in advance. Procedure: Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL directly. However you can add the OID manually using OBJ_create() and alias the extension to CRLDP and retrieve it that way. Could you please elaborate the same? Thousand Thanks -Suren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Sunday, August 27, 2006 4:03 AM To: openssl-users@openssl.org Subject: Re: How to retrive the delta CRL location and revocation reason? On Fri, Aug 25, 2006, [EMAIL PROTECTED] wrote: > > Hi Team, > > I am working on the CRL validation. I am seeing some issues in > extracting the > - delta crl distribution point and > - reason for revocation. > > Could you please let me know your thoughts on how to access these two > above mentioned information? Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL directly. However you can add the OID manually using OBJ_create() and alias the extension to CRLDP and retrieve it that way. The CRL reason code is easier. You can retrieve it from the relevant X509_REVOKED structure using X509_REVOKED_get_ext_d2i(). Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to retrive the delta CRL location and revocation reason?
Hi, I am working on CRL validation on LONGHORN CA. My issue is to extract the CDP for delta crl. I found a way to extract the delta crl name from normal crl file. Is it correct? Let me explain you clearly: I found that the delta crl name format in LONGHORN CA is some thing like... Normal CRL: something.crl Delta CRL: something+.crl. At the some location of normal crl. Since I already got the CRL, I can derive the delta crl(something+.crl) file name from that and will do the further processing. Is it correct? Will it be fine? If not, Could any body let me know the procedure to obtain the cdp for delta crl? Please let me know. Thanks a lot, -Suren Hi, I am working on CRL validation. I am using openssl 0.9.8b. QUESTION: How to retrive the CDP for Delta CRL? Procedure: Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL directly. However you can add the OID manually using OBJ_create() and alias the extension to CRLDP and retrieve it that way. Could you please elaborate the same? Thousand Thanks -Suren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Sunday, August 27, 2006 4:03 AM To: openssl-users@openssl.org Subject: Re: How to retrive the delta CRL location and revocation reason? On Fri, Aug 25, 2006, [EMAIL PROTECTED] wrote: > > Hi Team, > > I am working on the CRL validation. I am seeing some issues in > extracting the > - delta crl distribution point and > - reason for revocation. > > Could you please let me know your thoughts on how to access these two > above mentioned information? Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL directly. However you can add the OID manually using OBJ_create() and alias the extension to CRLDP and retrieve it that way. The CRL reason code is easier. You can retrieve it from the relevant X509_REVOKED structure using X509_REVOKED_get_ext_d2i(). Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to retrive the delta CRL location and revocation reason?
Hi, I am working on CRL validation. I am using openssl 0.9.8b. QUESTION: How to retrive the CDP for Delta CRL? Procedure: Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL directly. However you can add the OID manually using OBJ_create() and alias the extension to CRLDP and retrieve it that way. Could you please elaborate the same? Thousand Thanks -Suren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Sunday, August 27, 2006 4:03 AM To: openssl-users@openssl.org Subject: Re: How to retrive the delta CRL location and revocation reason? On Fri, Aug 25, 2006, [EMAIL PROTECTED] wrote: > > Hi Team, > > I am working on the CRL validation. I am seeing some issues in > extracting the > - delta crl distribution point and > - reason for revocation. > > Could you please let me know your thoughts on how to access these two > above mentioned information? Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL directly. However you can add the OID manually using OBJ_create() and alias the extension to CRLDP and retrieve it that way. The CRL reason code is easier. You can retrieve it from the relevant X509_REVOKED structure using X509_REVOKED_get_ext_d2i(). Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to retrive the delta CRL location and revocation reason?
How to retrieve the delta crl's CDP? Could you please elaborate the same? Thank you, -Surendra On Fri, Aug 25, 2006, [EMAIL PROTECTED] wrote: > > Hi Team, > > I am working on the CRL validation. I am seeing some issues in > extracting the > - delta crl distribution point and > - reason for revocation. > > Could you please let me know your thoughts on how to access these two > above mentioned information? Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL directly. However you can add the OID manually using OBJ_create() and alias the extension to CRLDP and retrieve it that way. > ANSWER#1: Could you please elaborate this please? Appreciate your help if you could provide any code snippet to extract the delta crl's destribution point. >> The CRL reason code is easier. You can retrieve it from the relevant X509_REVOKED structure using X509_REVOKED_get_ext_d2i(). ANSWER#2: Thank you. I got the status as per your suggetion. I followed the below mentioned logic: X509_REVOKED rtmp; int reason = -1; if (rtmp.extensions) //Extensions are available. { ASN1_ENUMERATED *asn= NULL; asn = X509_REVOKED_get_ext_d2i(&rtmp, NID_crl_reason,NULL,NULL); if(asn != NULL) { reason = ASN1_ENUMERATED_get(asn); } ASN1_ENUMERATED_free(asn); } ** >>> Thank you, -Surendra Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to retrive the delta CRL location and revocation reason?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Sunday, August 27, 2006 4:03 AM To: openssl-users@openssl.org Subject: Re: How to retrive the delta CRL location and revocation reason? On Fri, Aug 25, 2006, [EMAIL PROTECTED] wrote: > > Hi Team, > > I am working on the CRL validation. I am seeing some issues in > extracting the > - delta crl distribution point and > - reason for revocation. > > Could you please let me know your thoughts on how to access these two > above mentioned information? Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL directly. However you can add the OID manually using OBJ_create() and alias the extension to CRLDP and retrieve it that way. >>>>> ANSWER#1: Could you please elaborate this please? Appreciate your help if you could provide any code snippet to extract the delta crl's destribution point. >>>>>> The CRL reason code is easier. You can retrieve it from the relevant X509_REVOKED structure using X509_REVOKED_get_ext_d2i(). >>>>>>>> ANSWER#2: Thank you. I got the status as per your suggetion. I followed the below mentioned logic: X509_REVOKED rtmp; int reason = -1; if (rtmp.extensions) //Extensions are available. { ASN1_ENUMERATED *asn= NULL; asn = X509_REVOKED_get_ext_d2i(&rtmp, NID_crl_reason,NULL,NULL); if(asn != NULL) { reason = ASN1_ENUMERATED_get(asn); } ASN1_ENUMERATED_free(asn); } ** >>>>>>> Thank you, -Surendra Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to retrive the delta CRL location and revocation reason?
On Fri, Aug 25, 2006, [EMAIL PROTECTED] wrote: > > Hi Team, > > I am working on the CRL validation. I am seeing some issues in > extracting the > - delta crl distribution point and > - reason for revocation. > > Could you please let me know your thoughts on how to access these two > above mentioned information? Delta CRLDP is a bit messy because it isn't yet supported by OpenSSL directly. However you can add the OID manually using OBJ_create() and alias the extension to CRLDP and retrieve it that way. The CRL reason code is easier. You can retrieve it from the relevant X509_REVOKED structure using X509_REVOKED_get_ext_d2i(). Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to retrive the delta CRL location and revocation reason?
Hi Team, I am working on the CRL validation. I am seeing some issues in extracting the - delta crl distribution point and - reason for revocation from the certifiacte. Which structure members in the CRL to be used to retrieve the information? Could you please let me know your thoughts on how to access these two above mentioned information? Let me explain you my problem clearly: 1. I got the crl from X509_STORE *ctx. 2. After receiving the crl, I checked the certificate, wheather it is revoked in crl. 3. I found that, the certificate is revoked(serial number is present) 4. After that, I would like to find the certificate revocation reason. But I am not able to extract the information. 5. Since the delta crl is enabled, I need to get the cdp (certificate distribution point) for delta crl. I am not able to retrieve the information. Could any body help me in retrieving the - Delta CRL distribution point and - CRL reason for revocation I am using the following data structues for CRL. struct X509_crl_st { /* actual signature */ X509_CRL_INFO *crl; X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; int references; } X509_CRL ; typedef struct X509_crl_info_st { ASN1_INTEGER *version; X509_ALGOR *sig_alg; X509_NAME *issuer; ASN1_TIME *lastUpdate; ASN1_TIME *nextUpdate; STACK_OF(X509_REVOKED) *revoked; //It should give the revocation reason. STACK_OF(X509_EXTENSION) /* [0] */ *extensions; //It should give the cdp for delta crl. ASN1_ENCODING enc; } X509_CRL_INFO; Appreciate your help on the same. With best regards, -Surendra The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]