implementing CertStore provider & CertVerifyRevocation

Kaido Kert

Jan 26, 2002, 10:34:14 AM
Hi,

Has anyone tried to implement a certificate store provider?
I have a smart card that contains two certificates, and I wrote a simple,
cheesy read-only certstore provider that only
implements CertDllOpenStoreProv and CertStoreProvFindCert. I open up a temp
memory certstore in OpenStoreProv, add my two certs to this temp store and
then proxy CertStoreProvFindCert calls to CertFindCertificateInStore in that
temp memory store. It seems to work quite OK, but I'm a bit concerned whether
it's a "legal" implementation or not.
I was unable to get it to work with only adding certs to the hCertStore given
as a CertDllOpenStoreProv param, as explained in the PSDK.
Has anyone else had similar problems?

The other issue I'm having is with CertVerifyRevocation on NT and 9x machines.
I have a certificate where the CRL dist point is given only as an HTTP URL.
When I do CertVerifyRevocation on W2K machines, it works fine, but on older
versions of Windows it gives me the error CRYPT_E_NO_REVOCATION_DLL. It seems
that CertVerifyRevocation tries to call CryptRetrieveObjectByUrl internally,
which is not supported on older versions of Windows, and thus it fails. What's
the regular approach: retrieve the CRL "manually" and then do the revocation
check by looping through the CRL entries, or what?
Just curious, the workaround is implemented already :)

regards,
/Kaido Kert
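
An added example, not part of the thread: the loop over CRL entries that the post above asks about, in portable C. The `serial_blob` and `crl_entry` types and the sample serials are constructed stand-ins; it assumes serial numbers are little-endian byte arrays, as CryptoAPI stores them, and that the CRL's issuer, signature and validity period were checked beforehand.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for this example: a serial number held as a
 * little-endian byte array (the layout CryptoAPI uses for integer blobs)
 * and one revoked-certificate entry from an already decoded CRL. */
typedef struct { size_t len; const unsigned char *data; } serial_blob;
typedef struct { serial_blob serial; } crl_entry;

/* Length without most-significant zero padding. The array is
 * little-endian, so the padding sits at its end. Keeps at least one byte. */
static size_t significant_len(const serial_blob *s)
{
    size_t n = s->len;
    while (n > 1 && s->data[n - 1] == 0x00)
        n--;
    return n;
}

/* Compare two serials as unsigned magnitudes, ignoring zero padding. */
int serial_equal(const serial_blob *a, const serial_blob *b)
{
    size_t la = significant_len(a), lb = significant_len(b);
    return la == lb && (la == 0 || memcmp(a->data, b->data, la) == 0);
}

/* Return the index of the matching CRL entry, or -1 if the serial is not
 * listed. Assumption: the caller has already verified the CRL's issuer,
 * signature and validity period; an unverified CRL proves nothing. */
int find_revoked(const crl_entry *entries, size_t count,
                 const serial_blob *cert_serial)
{
    for (size_t i = 0; i < count; i++)
        if (serial_equal(&entries[i].serial, cert_serial))
            return (int)i;
    return -1;
}

/* Constructed sample data, not taken from any real CRL. */
static const unsigned char SER_A[] = { 0x10, 0x32, 0x54 };
static const unsigned char SER_B[] = { 0xEF, 0xCD, 0xAB, 0x00 }; /* padded */
static const unsigned char SER_B_NOPAD[] = { 0xEF, 0xCD, 0xAB };
static const unsigned char SER_C[] = { 0xEF, 0xCD, 0xAB, 0x01 };
static const crl_entry SAMPLE_CRL[] = {
    { { sizeof SER_A, SER_A } }, { { sizeof SER_B, SER_B } },
};
```

A plain `memcmp` of the two blobs would miss the padded entry, which is the case the trimming step exists for.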


malifax

Jan 27, 2002, 2:57:22 PM
For the first problem: are you sure that
(pStoreProvInfo->dwStoreProvFlags & CERT_STORE_PROV_EXTERNAL_FLAG) == 0
in CertDllOpenStoreProv?


"Kaido Kert" <kaido...@it.ee> wrote in message
news:eF1Bs7npBHA.2432@tkmsftngp07...

Kaido Kert

Jan 29, 2002, 7:26:37 AM
Yep, thanks, that was it. Works very well now; I only needed to implement
CertDllOpenStoreProv, CertStoreProvCloseCallback and CertStoreProvControl for
refresh.
CERT_STORE_PROV_EXTERNAL_FLAG was so obscurely documented that I assumed
it meant "physically external to computer" or some such, and had it set.

Kaido Kert

"malifax" <mal...@interfree.it> wrote in message
news:CYY48.16000$6e5.5...@twister2.libero.it...
