Certificate revocation check in WEC7

  • Question

  • There is still no API support to add a CRL to a store in WEC7 (e.g. CertAddCRLContextToStore()). Therefore, certificate revocation could not be automatically verified with CertVerifyCertificateChainPolicy().

    We have implemented SSL/TLS with SSPI/SChannel, and we must manually decode the ASN.1 CRL file and manually verify whether the certificate serial number is revoked. There should be a way in the latest and greatest Windows Embedded OS to check automatically for revocation? Has anybody implemented SSL/TLS and been faced with the same problem with CRL? What was your solution? Thanks.

     

    Wednesday, April 6, 2011 3:33 PM
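
The manual check described in the question, as an added example that is not part of the original post or any Microsoft API: a bounds-checked DER walk to `revokedCertificates` followed by a byte-exact serial comparison. The names `tlv`, `crl_lists_serial` and `SAMPLE_CRL` are hypothetical, and the code assumes the CRL's signature, issuer and thisUpdate/nextUpdate are validated separately.

```c
#include <string.h>
typedef const unsigned char *bp;

/* Read one DER TLV at *p: return tag or -1, set *v,*n to content, advance *p. */
static int tlv(bp *p, bp end, bp *v, size_t *n)
{
    bp q = *p;
    size_t len, cnt;
    int tag;
    if (end - q < 2) return -1;
    tag = q[0]; len = q[1]; q += 2;
    if (len & 0x80) {                                      /* long-form length */
        cnt = len & 0x7f;
        if (!cnt || cnt > sizeof len || (size_t)(end - q) < cnt) return -1;
        for (len = 0; cnt; cnt--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;
    *v = q; *n = len; *p = q + len;
    return tag;
}

/* 1 = listed, 0 = not listed, -1 = malformed; serial = DER INTEGER content. */
int crl_lists_serial(bp crl, size_t len, bp serial, size_t slen)
{
    bp p = crl, end = crl + len, v, e, s;
    size_t n, sn;
    int tag;
    if (tlv(&p, end, &v, &n) != 0x30) return -1;           /* CertificateList */
    p = v; end = v + n;
    if (tlv(&p, end, &v, &n) != 0x30) return -1;           /* TBSCertList */
    p = v; end = v + n;
    if ((tag = tlv(&p, end, &v, &n)) == 0x02) tag = tlv(&p, end, &v, &n); /* version */
    if (tag != 0x30 || tlv(&p, end, &v, &n) != 0x30) return -1; /* sig alg, issuer */
    if ((tag = tlv(&p, end, &v, &n)) != 0x17 && tag != 0x18) return -1; /* thisUpdate */
    tag = p < end ? tlv(&p, end, &v, &n) : 0xA0;           /* nextUpdate or list */
    if (tag == 0x17 || tag == 0x18) tag = p < end ? tlv(&p, end, &v, &n) : 0xA0;
    if (tag != 0x30) return tag == 0xA0 ? 0 : -1;          /* no revoked list */
    for (p = v, end = v + n; p < end; ) {                  /* revoked entries */
        if (tlv(&p, end, &e, &n) != 0x30) return -1;
        if (tlv(&e, e + n, &s, &sn) != 0x02) return -1;    /* userCertificate */
        if (sn == slen && !memcmp(s, serial, sn)) return 1;
    }
    return 0;
}

static const unsigned char SAMPLE_CRL[] = /* constructed, unsigned; length is sizeof - 1 */
    "\x30\x59\x30\x57" "\x02\x01\x01" "\x30\x05\x06\x03\x2b\x65\x70" "\x30\x00"
    "\x17\x0d" "110406000000Z" "\x17\x0d" "110506000000Z" "\x30\x2b"
    "\x30\x13\x02\x02\x12\x34" "\x17\x0d" "110406000000Z"
    "\x30\x14\x02\x03\x00\xab\xcd" "\x17\x0d" "110406000000Z";
```

Pass the serial exactly as it is encoded in the certificate, including any leading 0x00 byte, because the comparison is byte-exact.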

All replies

  • Using

    DWORD CertVerify (
     HANDLE hFile,
     LPCWSTR pszFileName,
     LPWSTR pUserName,
     DWORD  cchUserName,
     LPDWORD pdwCertFlags
    );

    pdwCertFlags will report CERT_REVOKED (0x00000001): The file is digitally signed, but its certificate is registered in the Revoked List.

     


    Luca Calligaris lucaDOTcalligarisATeurotechDOTcom www.eurotech.com Check my blog: http://lcalligaris.wordpress.com
    Thursday, April 7, 2011 7:24 AM
  • I do not know if it can be useful; anyway, I wrote a post about establishing an SSL connection with Windows sockets in Windows CE: see

    http://lcalligaris.wordpress.com/2011/04/07/implementing-a-secure-socket/


    Luca Calligaris lucaDOTcalligarisATeurotechDOTcom www.eurotech.com Check my blog: http://lcalligaris.wordpress.com
    Thursday, April 7, 2011 2:56 PM