
I have to find the CRL distribution point URL from a certificate. I managed to obtain the context (CERT_CONTEXT) of the certificate.

From this, how do I find the CRL URL? To obtain the public key length there is a function, CertGetPublicKeyLength. Similarly, is there any way to find the CRL distribution point?

Oxia

1 Answer


Yes, I found the answer! You can use CryptGetObjectUrl() to obtain it. I would like to post the code snippet, as it will surely be of some help to someone.

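// Print the CRL distribution point URLs recorded for pCert (a certificate context).
//
// CryptGetObjectUrl is called twice: first with NULL buffers to learn the
// required buffer sizes, then again with buffers of those sizes.
// The sizes it reports are byte counts, not element counts, so they are
// passed to malloc as-is; multiplying by sizeof(...) over-allocates.
//
// The URLs are read from the certificate itself. When the certificate comes
// from a remote peer, treat each URL as untrusted input (scheme, host, length)
// before fetching anything from it.
DWORD pcbUrlArray = 0, pcbUrlInfo = 0;
if (CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT, pCert,
                      CRYPT_GET_URL_FROM_PROPERTY | CRYPT_GET_URL_FROM_EXTENSION,
                      NULL, &pcbUrlArray, NULL, &pcbUrlInfo, 0))
{
    PCRYPT_URL_ARRAY urlArray = (PCRYPT_URL_ARRAY)malloc(pcbUrlArray);
    PCRYPT_URL_INFO  urlInfo  = (PCRYPT_URL_INFO)malloc(pcbUrlInfo);

    // Only query again if both allocations succeeded; otherwise the API
    // would be handed a NULL buffer together with a non-zero size.
    if (urlArray != NULL && urlInfo != NULL &&
        CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT, pCert,
                          CRYPT_GET_URL_FROM_PROPERTY | CRYPT_GET_URL_FROM_EXTENSION,
                          urlArray, &pcbUrlArray, urlInfo, &pcbUrlInfo, 0))
    {
        // cUrl is a DWORD, so the index is unsigned as well.
        for (DWORD i = 0; i < urlArray->cUrl; i++)
            wcout << urlArray->rgwszUrl[i] << endl;
    }

    // Release both buffers on every path; free(NULL) is a no-op.
    free(urlInfo);
    free(urlArray);
}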

Basically you get the pCert (CERT_CONTEXT) through

// Ask WinHTTP for the server certificate context of hRequest; the result is written to pCert.
// NOTE(review): the return value is not checked here. If the call fails, pCert must not be used;
// test the result before passing pCert on.
// NOTE(review): dwLen is presumably initialised to sizeof(pCert) before this call, and the returned
// context is expected to be released with CertFreeCertificateContext() when done; confirm in the caller.
// The certificate is supplied by the remote server, so anything extracted from it (including
// CRL distribution point URLs) is untrusted input.
WinHttpQueryOption( hRequest,WINHTTP_OPTION_SERVER_CERT_CONTEXT,&pCert,&dwLen);
Oxia
  • Thank you for the code snippet but I think you have a bug there: CryptGetObjectUrl returns size in bytes, not in objects so malloc allocates way too much memory – Oleg Fedorov Jan 31 '22 at 08:16