Re: CertGetCertificateChain() vs CertVerifyRevocation()

From: Vishal Agarwal[MSFT] (vishala_at_online.microsoft.com)
Date: 05/28/04

• Next message: Agnihotri: "Re: CryptAcquireContext Fails in Windows 98"
• Previous message: Vishal Agarwal[MSFT]: "Re: How to get "Issuer to" information?"
• In reply to: prem: "Re: CertGetCertificateChain() vs CertVerifyRevocation()"
• Next in thread: prem: "Re: CertGetCertificateChain() vs CertVerifyRevocation()"
• Reply: prem: "Re: CertGetCertificateChain() vs CertVerifyRevocation()"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 27 May 2004 21:22:33 -0700

0x1000040 implies:
#define CERT_TRUST_REVOCATION_STATUS_UNKNOWN 0x00000040
#define CERT_TRUST_IS_OFFLINE_REVOCATION
0x01000000

Are you sure the CRL is fetched correctly? If so, can you ascertain that the
CRL's download are valid for the certifcate?

Thanks,
Vishal Agarwal [MSFT]

-- 
This posting is provided "AS IS" with no warranties, and confers no rights
"prem" <anonymous@discussions.microsoft.com> wrote in message
news:8D92AF30-7092-47D3-A4AA-A6FDC2DC603F@microsoft.com...
> Hi,
> I tried out CertGetCertificateChain() with fCheckRevocationFreshnessTime
as you mentioned. I got the CRL quickly but for those of the unrevoked
certificates I am getting 0x1000040 in the
pChainContext->TrustStatus.dwErrorStatus ( where pChainContext is of type
PCCERT_CHAIN_CONTEXT ). Whereas in the same program if I remove
fCheckRevocationFreshnessTime logic I get
pChainContext->TrustStatus.dwErrorStatus as CERT_TRUST_NO_ERROR. Why do I
get this different kind of behaviour for unrevoked certificates. I also dont
fine as entry for 0x1000040 in Wincrypt.h
>
> As metioned in the help I set the CERT_CHAIN_PARA to 0 by doing
memset(&ChainPara,0,sizeof(CERT_CHAIN_PARA));
>
> Thanks,
> Prem
>
>
>

---

• Next message: Agnihotri: "Re: CryptAcquireContext Fails in Windows 98"
• Previous message: Vishal Agarwal[MSFT]: "Re: How to get "Issuer to" information?"
• In reply to: prem: "Re: CertGetCertificateChain() vs CertVerifyRevocation()"
• Next in thread: prem: "Re: CertGetCertificateChain() vs CertVerifyRevocation()"
• Reply: prem: "Re: CertGetCertificateChain() vs CertVerifyRevocation()"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Proposal for a new PKI model (At least I hope its new) ... it is online and it is dynamic. ... What is your solution in place of PKI and certificates? ... > distributed real-time CRL model. ... absolutely know all possible relying parties ... ... (sci.crypt) RE: CLR and AIA publishing properties unclear ... enterprise issuing CA and a web server hosting CRL and AIA for external ... include path in certificates. ... I do however publish CRL and deltas, CRL path should be ... should be included in certificates and delta CRL path in CRL's. ... (microsoft.public.windows.server.general) CLR and AIA publishing properties unclear ... enterprise issuing CA and a web server hosting CRL and AIA for external ... I am however in doubt of a few CRL/AIA publishing properties. ... include path in certificates. ... I do however publish CRL and deltas, CRL path should be ... (microsoft.public.windows.server.general) RE: RADIUS IAS CRL CHECK ... However, when the workstation is turned on, it can establish a ... It seems that the IAS ignores the CRL. ... certificates' in the DC, we do get an error of "The certificate is ... (microsoft.public.internet.radius) Problems with CRL ... I issued selfsigned root certificate, then issued user certificates signed ... Before I issued second root new CRL always replaced the old one. ... And when I revoke certificate issued by old root, ... (microsoft.public.platformsdk.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2004-05