From owner-imc-cml Fri Feb 18 11:38:04 2000
From: "Pawling, John"
To: "'imc-cml@imc.org'"
Subject: CML Mail List/CML Plans/ASN.1 Bug
Date: Fri, 18 Feb 2000 14:41:18 -0500

All,

The Internet Mail Consortium (IMC) has established a CML web page and a CML mail list which is used to: distribute information regarding CML releases; discuss CML-related issues; and allow CML users to provide feedback, comments, bug reports, etc. To subscribe to the mailing list, send a message to imc-cml-request@imc.org with the single word subscribe in the body of the message.

We fixed a bug in the VDA-developed code (sm_BigIntegerStr.cpp) that processes large ASN.1 INTEGERs used in conjunction with the C++ version of the SNACC library. ASN.1 INTEGER values of one byte in length were being improperly processed. This bug only impacts the use of the C++ version of the SNACC library. It does not impact the use of the C version. In conjunction with the v1.5 S/MIME Freeware Library, we delivered a new SNACC zip file that includes the bug fix. The new SNACC zip file is available from http://www.armadillo.huntsville.al.us./software/smime/.

We are currently enhancing the C and C++ versions of the SNACC library to support BMP, Universal and UTF-8 strings (in addition to Printable and Teletex strings).
We are adding an optional function that can be used to convert ASN.1 OCTET STRINGs to single- and multi-byte character strings. This is needed to support the RFC 2459 PKIX requirements. The SNACC library will decode an object as it always has. If the app/library needs the ASN.1 OCTET STRINGs converted to character strings, then it will call an additional SNACC function/class to perform the conversion. The SNACC enhancement is being made to minimize the impact to existing code that uses SNACC. If an app/library does not need the ASN.1 OCTET STRINGs converted, then it will not call the conversion function/classes and will use the SNACC-generated structures/classes as always.

We plan to deliver a new CML (v1.7) in early March. The v1.7 CML will include minor bug fixes and a new function that validates generic signed data (ASN.1 encoded using the X.509 SIGNED macro). The v1.7 CML will use the enhanced SNACC library to support BMP, Universal and UTF-8 strings (in addition to Printable and Teletex strings). The v1.7 CML will also be enhanced so that it can work as a server or shared process serving multiple applications. Session information will be enhanced to include: list of trusted root certificates; method of revocation checking; address and parameters needed to contact an external LDAP server; and other configuration file parameters. Steve Koehler, Secure Computing Corporation, is contributing these enhancements. These enhancements will be backward compatible. They will be implemented using optional parameters.

We will inform everyone when the v1.7 CML and enhanced SNACC libraries are available.

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc; a Wang Government Services Company
john.pawling@wang.com
============================================

From owner-imc-cml Wed Feb 23 10:11:29 2000
From: "MCMAINS,ALEX (HP-Boise,ex1)"
To: "'imc-cml@imc.org'"
Subject: certificate encodings and the CML
Date: Wed, 23 Feb 2000 11:15:29 -0700

Hi,

I am relatively new to cryptography and certificates so forgive me if these are dumb questions. I have been trying to use the CML to add certificates to the database. I've written a small program that reads a file into a buffer (using the same method as is done in the CML_Tool source) and then calls CM_DatabaseAdd(ulong, ASN1_Data, long) passing the buffer as the second parameter.

I am using CMLv1.6, CPLv1.3.1, and SNACCv1.5 under NT 4.0 w/ MS C++ 6.0. My questions/problems are the following:

1) I get a CM_ASN_ERROR when I try to import a PKCS#7 Verisign certificate. I get an NT access violation when I try to import any of the certificates in the CM_Tool directory. I can, however, insert certificates from the Updated V3 Cert Test Data (from the CML website).

Can I not import certificates in PKCS#7 format?
If not, why not since this seems to be the default format for many certs?

What format is the test data in?

Maybe this is out of scope, but what is the difference between X.509v3 and the so called PKCS#7 format of certificates from say Verisign? I thought all (new) certificates were in X.509v3 format. What does this have to do with PKCS#7?

2) In the Updated V3 Cert Test Data directory, each certificate has a corresponding text file that shows its decoding. Is the source code that generated these files available? Is it separate from the CML itself or just part of some test suite? I grep'ed through the directories and could not find it. Perhaps I was looking in the wrong place.

Thank you.

-- Alex McMains

From owner-imc-cml Wed Feb 23 10:31:38 2000
From: "McPherson, Clyde"
To: "'MCMAINS,ALEX (HP-Boise,ex1)'", "'imc-cml@imc.org'"
Subject: RE: certificate encodings and the CML
Date: Wed, 23 Feb 2000 13:35:15 -0500

You will probably need to pull the certs out of the pkcs7 format first, and then the certs could be added to the CML. You could do the extraction via the SFL by getting the Certificates out of the Certificates section of the Signed Data.
See csm_msgtoverify.cpp

-Tex

-----Original Message-----
From: MCMAINS,ALEX (HP-Boise,ex1) [mailto:alex_mcmains@hp.com]
Sent: Wednesday, February 23, 2000 1:15 PM
To: 'imc-cml@imc.org'
Subject: certificate encodings and the CML

Hi,

I am relatively new to cryptography and certificates so forgive me if these are dumb questions. I have been trying to use the CML to add certificates to the database. I've written a small program that reads a file into a buffer (using the same method as is done in the CML_Tool source) and then calls CM_DatabaseAdd(ulong, ASN1_Data, long) passing the buffer as the second parameter.

I am using CMLv1.6, CPLv1.3.1, and SNACCv1.5 under NT 4.0 w/ MS C++ 6.0. My questions/problems are the following:

1) I get a CM_ASN_ERROR when I try to import a PKCS#7 Verisign certificate. I get an NT access violation when I try to import any of the certificates in the CM_Tool directory. I can, however, insert certificates from the Updated V3 Cert Test Data (from the CML website).

Can I not import certificates in PKCS#7 format?

If not, why not since this seems to be the default format for many certs?

What format is the test data in?

Maybe this is out of scope, but what is the difference between X.509v3 and the so called PKCS#7 format of certificates from say Verisign? I thought all (new) certificates were in X.509v3 format. What does this have to do with PKCS#7?

2) In the Updated V3 Cert Test Data directory, each certificate has a corresponding text file that shows its decoding. Is the source code that generated these files available? Is it separate from the CML itself or just part of some test suite? I grep'ed through the directories and could not find it. Perhaps I was looking in the wrong place.

Thank you.
-- Alex McMains

From owner-imc-cml Thu Feb 24 10:37:54 2000
From: "MCMAINS,ALEX (HP-Boise,ex1)"
To: "'McPherson, Clyde'", "MCMAINS,ALEX (HP-Boise,ex1)", "'imc-cml@imc.org'"
Subject: RE: certificate encodings and the CML
Date: Thu, 24 Feb 2000 10:41:59 -0800

Tex,

Thanks for the response. I couldn't find a file anywhere named csm_msgtoverify.cpp, but I did notice that there is an SFL class with this name. However, if I use the CSM_Buffer constructor that contains my PKCS#7 certificate file with the CSM_MsgToVerify class, I get an abnormal program termination.
This is a look at the code I was using:

#include "sm_api.h"

char filename[] = "E:\\mypkcs7file.p7c";

int main()
{
    CSM_Buffer * buffer = new CSM_Buffer(filename);

    // Causes an "exception breakpoint" to be reached
    CSM_MsgToVerify * mtv = new CSM_MsgToVerify(buffer);

    return 0;
}

-- Alex McMains

> -----Original Message-----
> From: McPherson, Clyde [mailto:Clyde.McPherson@wang.com]
> Sent: Wednesday, February 23, 2000 11:35 AM
> To: 'MCMAINS,ALEX (HP-Boise,ex1)'; 'imc-cml@imc.org'
> Subject: RE: certificate encodings and the CML
>
> You will probably need to pull the certs out of the pkcs7 format first, and then the certs could be added to the CML. You could do the extraction via the SFL by getting the Certificates out of the Certificates section of the Signed Data. See csm_msgtoverify.cpp
>
> -Tex
>
> -----Original Message-----
> From: MCMAINS,ALEX (HP-Boise,ex1) [mailto:alex_mcmains@hp.com]
> Sent: Wednesday, February 23, 2000 1:15 PM
> To: 'imc-cml@imc.org'
> Subject: certificate encodings and the CML
>
> Hi,
>
> I am relatively new to cryptography and certificates so forgive me if these are dumb questions. I have been trying to use the CML to add certificates to the database. I've written a small program that reads a file into a buffer (using the same method as is done in the CML_Tool source) and then calls CM_DatabaseAdd(ulong, ASN1_Data, long) passing the buffer as the second parameter.
>
> I am using CMLv1.6, CPLv1.3.1, and SNACCv1.5 under NT 4.0 w/ MS C++ 6.0. My questions/problems are the following:
>
> 1) I get a CM_ASN_ERROR when I try to import a PKCS#7 Verisign certificate. I get an NT access violation when I try to import any of the certificates in the CM_Tool directory. I can, however, insert certificates from the Updated V3 Cert Test Data (from the CML website).
>
> Can I not import certificates in PKCS#7 format?
>
> If not, why not since this seems to be the default format for many certs?
>
> What format is the test data in?
>
> Maybe this is out of scope, but what is the difference between X.509v3 and the so called PKCS#7 format of certificates from say Verisign? I thought all (new) certificates were in X.509v3 format. What does this have to do with PKCS#7?
>
> 2) In the Updated V3 Cert Test Data directory, each certificate has a corresponding text file that shows its decoding. Is the source code that generated these files available? Is it separate from the CML itself or just part of some test suite? I grep'ed through the directories and could not find it. Perhaps I was looking in the wrong place.
>
> Thank you.
>
> -- Alex McMains

From owner-imc-cml Tue Feb 29 09:41:15 2000
From: "Pawling, John"
To: "'MCMAINS,ALEX (HP-Boise,ex1)'", "'imc-cml@imc.org'"
Subject: RE: certificate encodings and the CML
Date: Tue, 29 Feb 2000 12:40:41 -0500

Alex,

From your messages sent to the imc-sfl list and to us directly, I know that you have been able to successfully use the S/MIME Freeware Library (SFL) to ASN.1 decode a PKCS#7 object and extract the encapsulated X.509 certificate. Only X.509 certificates can be imported into the CML database. The CML does not accept PKCS#7-encapsulated X.509 certificates.
PKCS#7 is one of many methods for distributing certificates. Other methods include: IETF PKIX Certificate Management Protocol; MISSI Management Protocol; loading certs on a physical media; etc.

In summary, the SFL can be used to build/process PKCS#7 and IETF S/MIME v3 objects, and the CML can be used to process/validate X.509 certificates.

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc; a Wang Government Services Company
john.pawling@wang.com
============================================

> -----Original Message-----
> From: McPherson, Clyde [mailto:Clyde.McPherson@wang.com]
> Sent: Wednesday, February 23, 2000 11:35 AM
> To: 'MCMAINS,ALEX (HP-Boise,ex1)'; 'imc-cml@imc.org'
> Subject: RE: certificate encodings and the CML
>
> You will probably need to pull the certs out of the pkcs7 format first, and then the certs could be added to the CML. You could do the extraction via the SFL by getting the Certificates out of the Certificates section of the Signed Data. See csm_msgtoverify.cpp
>
> -Tex
>
> -----Original Message-----
> From: MCMAINS,ALEX (HP-Boise,ex1) [mailto:alex_mcmains@hp.com]
> Sent: Wednesday, February 23, 2000 1:15 PM
> To: 'imc-cml@imc.org'
> Subject: certificate encodings and the CML
>
> Hi,
>
> I am relatively new to cryptography and certificates so forgive me if these are dumb questions. I have been trying to use the CML to add certificates to the database. I've written a small program that reads a file into a buffer (using the same method as is done in the CML_Tool source) and then calls CM_DatabaseAdd(ulong, ASN1_Data, long) passing the buffer as the second parameter.
>
> I am using CMLv1.6, CPLv1.3.1, and SNACCv1.5 under NT 4.0 w/ MS C++ 6.0. My questions/problems are the following:
>
> 1) I get a CM_ASN_ERROR when I try to import a PKCS#7 Verisign certificate.
> I get an NT access violation when I try to import any of the certificates in the CM_Tool directory. I can, however, insert certificates from the Updated V3 Cert Test Data (from the CML website).
>
> Can I not import certificates in PKCS#7 format?
>
> If not, why not since this seems to be the default format for many certs?
>
> What format is the test data in?
>
> Maybe this is out of scope, but what is the difference between X.509v3 and the so called PKCS#7 format of certificates from say Verisign? I thought all (new) certificates were in X.509v3 format. What does this have to do with PKCS#7?
>
> 2) In the Updated V3 Cert Test Data directory, each certificate has a corresponding text file that shows its decoding. Is the source code that generated these files available? Is it separate from the CML itself or just part of some test suite? I grep'ed through the directories and could not find it. Perhaps I was looking in the wrong place.
>
> Thank you.
>
> -- Alex McMains

From owner-imc-cml Wed Mar 8 11:02:59 2000
From: "Pawling, John"
To: "'Frederic_Felten@lotus.com'", imc-cml@imc.org
Subject: OCSP Plans for CML
Date: Wed, 8 Mar 2000 14:03:08 -0500

All,

RFC 2560 defines the X.509 Internet Public Key Infrastructure (PKIX) Online Certificate Status Protocol (OCSP).
OCSP is used to determine if a certificate has been revoked by the issuer. Please see RFC 2560 for more details.

The current (v1.6) Certificate Management Library (CML) determines if a certificate has been revoked by the issuer by checking the appropriate Certificate Revocation Lists (CRL) as specified in the 1997 X.509 Recommendation. Several people have asked if there are plans to enhance the CML to perform an OCSP revocation check of a certificate in addition to checking the appropriate CRLs.

The current plans are to add a capability to the CML to make calls to an existing OCSP library. This is similar to the strategy used by the CML to provide LDAP retrieval services. The CML makes calls to the Netscape-developed freeware LDAP library. The optimal solution would be to identify a freeware OCSP library which could be distributed along with the CML (as with the Netscape freeware LDAP library). If a freeware OCSP library is not available, then we would at least like to use a standard OCSP application programming interface.

Does anybody know of any freeware OCSP implementations or of a standard OCSP API?

Adding OCSP is one of many planned enhancements to the CML. Currently, it does not have a high priority, so it will probably be several months before we begin working on this enhancement.

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc; a Wang Government Services Company
john.pawling@wang.com
============================================

From owner-imc-cml Mon Mar 20 21:55:01 2000
From: Ambarish Malpani
To: "'imc-cml@imc.org'", "'john.pawling@wang.com'"
Cc: "Paul Hoffman (E-mail)"
Subject: RE: OCSP Plans for CML
Date: Mon, 20 Mar 2000 21:54:59 -0800

Hi John,

You had posted about the desire to OCSP enable CML and asked whether there was a freeware OCSP library.

The best I can offer you is our toolkit which is available for no charge. Would that work for you?

Please let me know,
Regards,
Ambarish

P.S. The library is written in C/C++ and available as a DLL on both NT and Solaris.

---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
1215 Terra Bella Ave.
http://www.valicert.com
Mountain View, CA 94043-1833

From owner-imc-cml Tue Mar 21 08:00:46 2000
From: "Pawling, John"
To: "'Ambarish Malpani'", "'imc-cml@imc.org'"
Cc: "Paul Hoffman (E-mail)"
Subject: RE: OCSP Plans for CML
Date: Tue, 21 Mar 2000 11:02:04 -0500

Ambarish,

Thank you very much for your reply and your generous offer. I believe that your offer is worthy of consideration. You stated "our toolkit which is available for no charge". Does this mean that there is no cost and no financial limitations regarding its use and distribution? Does this mean that companies can use it in their commercial products without paying any royalties or licensing fees? Are there any limits on the distribution of the library? Is there a license that states these facts? Is the source code provided?

Thanks again,
-John

-----Original Message-----
From: Ambarish Malpani [mailto:ambarish@valicert.com]
Sent: Tuesday, March 21, 2000 12:55 AM
To: 'imc-cml@imc.org'; 'john.pawling@wang.com'
Cc: Paul Hoffman (E-mail)
Subject: RE: OCSP Plans for CML

Hi John,

You had posted about the desire to OCSP enable CML and asked whether there was a freeware OCSP library.

The best I can offer you is our toolkit which is available for no charge. Would that work for you?

Please let me know,
Regards,
Ambarish

P.S. The library is written in C/C++ and available as a DLL on both NT and Solaris.

---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
1215 Terra Bella Ave. http://www.valicert.com
Mountain View, CA 94043-1833

From owner-imc-cml Tue Mar 21 11:47:46 2000
From: Ambarish Malpani
To: "'Pawling, John'", "'imc-cml@imc.org'"
Subject: RE: OCSP Plans for CML
Date: Tue, 21 Mar 2000 11:47:43 -0800

Hi John,

Here are the responses to your questions:

no cost to distribution: yes.
no financial limitations regarding distribution: yes. Licensee needs own RSA or other crypto.
Companies can use it in their product w/out license fees: yes.
Any limits to distribution of library: No, ValiCert does not place any.
Is source code provided: No.
Any restrictions: only that interoperability w/ our products & service not be removed.

Hope this helps,

Please let me know how you want to go ahead (and maybe we can take it off the list).

Regards,
Ambarish

---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
1215 Terra Bella Ave.
http://www.valicert.com
Mountain View, CA 94043-1833

> -----Original Message-----
> From: Pawling, John [mailto:John.Pawling@wang.com]
> Sent: Tuesday, March 21, 2000 8:02 AM
> To: 'Ambarish Malpani'; 'imc-cml@imc.org'
> Cc: Paul Hoffman (E-mail)
> Subject: RE: OCSP Plans for CML
>
> Ambarish,
>
> Thank you very much for your reply and your generous offer. I believe that your offer is worthy of consideration. You stated "our toolkit which is available for no charge". Does this mean that there is no cost and no financial limitations regarding its use and distribution? Does this mean that companies can use it in their commercial products without paying any royalties or licensing fees? Are there any limits on the distribution of the library? Is there a license that states these facts? Is the source code provided?
>
> Thanks again,
> -John
>
> -----Original Message-----
> From: Ambarish Malpani [mailto:ambarish@valicert.com]
> Sent: Tuesday, March 21, 2000 12:55 AM
> To: 'imc-cml@imc.org'; 'john.pawling@wang.com'
> Cc: Paul Hoffman (E-mail)
> Subject: RE: OCSP Plans for CML
>
> Hi John,
>
> You had posted about the desire to OCSP enable CML and asked whether there was a freeware OCSP library.
>
> The best I can offer you is our toolkit which is available for no charge. Would that work for you?
>
> Please let me know,
> Regards,
> Ambarish
>
> P.S. The library is written in C/C++ and available as a DLL on both NT and Solaris.
>
> ---------------------------------------------------------------------
> Ambarish Malpani
> Architect 650.567.5457
> ValiCert, Inc. ambarish@valicert.com
> 1215 Terra Bella Ave. http://www.valicert.com
> Mountain View, CA 94043-1833

From owner-imc-cml Wed Apr 12 13:19:46 2000
From: "Pawling, John"
To: imc-cml@imc.org
Subject: v1.7 Certificate Management Library & Mail List
Date: Wed, 12 Apr 2000 16:22:55 -0400

All,

J. G. Van Dyke and Associates (VDA), a Wang Government Services Company, has delivered the freeware Version 1.7 Certificate Management Library (CML) software and Application Programming Interface (API). An enhanced version of the SNACC ASN.1 C library has been delivered with the v1.7 CML. The v1.7 CML and enhanced SNACC source code is available from the Fortezza Developer's CML Page.

The CML implements the 1997 X.509 certification path processing rules and meets SDN.706 requirements. It (optionally) provides local cache management functions and (optionally) obtains data objects using LDAP v2. It can (optionally) be used in conjunction with the v1.31 Certificate Path Development Library (CPDL) developed by CygnaCom Solutions to provide robust certification path building capabilities such as using cross certificates. The CML has been used to validate X.509 Certificates and Certificate Revocation Lists (CRL) signed using Digital Signature Algorithm (DSA) and RSA.
The v1.7 CML includes the following enhancements (compared with the v1.6 CML release):

1) Tested with the SNACC C++ library, Crypto Token Interface Libraries (CTIL) and LibCert Dynamically Linked Libraries (DLL) delivered with the v1.6 S/MIME Freeware Library (SFL) available from the Fortezza Developer's S/MIME Page.

2) Enhanced CML API and software to add function to validate generic signed data (using SIGNED macro).

3) Added functionality to set LDAP settings, trusted certificates, and a validated public key cache on a per session basis.

4) Fixed uninitialized pointer problem on Extended Key Usage extensions, and the freeing of the Extended Key Usage extension.

5) Fixed memory leak in freeing of an EncObject_LL.

6) Fixed memory leak in asn-any.c (line 175).

7) Fixed memory leaks in CMU_GetDistPts().

8) Added the UID attribute to SNACC library.

9) Enhanced the CMU_FilterRemoteCertsList() function to perform certificate filtering after LDAP retrieval.

10) Enhanced the setting of the CRL/ARL type in the CML provided callback function, and set correctly the location flag in the CML provided callback.

11) Corrected the CRL Issuing Distribution Point processing logic.

12) Enhanced CML to automatically search the directory using LDAP for a current certificate or CRL when the local CRL or Certificate has expired, if the application has specified "search until found".

13) Tested CML with C and C++ versions of SNACC ASN.1 library that have been enhanced to support PrintableString, TeletexString, NumericString, IA5String, VisibleString, BMPString, UniversalString and UTF8String character string types. An optional function was added to SNACC to convert ASN.1 OCTET STRINGs to single- or multi-byte character strings (as appropriate). The C version of the enhanced SNACC library is included in the CML17sr.tar.Z file. The C++ version of the enhanced SNACC library is available with the SFL.
The following v1.7 CML files are available from the Fortezza Developer's CML Page:

CMLv17win.zip: Windows DLLs
CML17so.tar.Z: Solaris Libraries
CML17sr.tar.Z: Source for CML and SNACC C library, includes Windows project files
CMv1_7api.doc, CMv1_7api.pdf: MS Word and Adobe PDF versions of v1.7 CML API document
cml17data.zip: test certs used to test the CML
readme.txt: Instructions for installing and using the CML

VDA welcomes all feedback regarding the CML software and documents. If bugs are reported, then VDA will investigate each reported bug and, if required, will produce a patch or an updated release of the software to repair the bug.

All source code for the CML is being provided at no cost and with no financial limitations regarding its use and distribution. Organizations can use the CML without paying any royalties or licensing fees. The CML was originally developed by the U.S. Government. VDA is enhancing and supporting the CML under contract to the U.S. Government. The U.S. Government is furnishing the CML software at no cost to the vendor subject to the conditions of the CML Public License provided with the CML software.

The CML software is not subject to U.S. Government encryption export regulations, so it is freely available to everyone.

The v1.7 CML uses the VDA-enhanced SNACC v1.3 ASN.1 Library to encode/decode objects. VDA has successfully tested the v1.7 CML with the SNACC and CTIL DLLs delivered in conjunction with the v1.6 SFL. Source code for the VDA-developed CTILs is available from the Fortezza Developer's S/MIME Page. The actual crypto libraries are not provided with the CML or SFL. They must be independently obtained from the appropriate source.

The v1.7 CML can be used in conjunction with the v1.31 CPDL to successfully meet all of the requirements of the Bridge Certification Authority Demonstration effort which includes cross-certified Entrust, Spyrus and Motorola v3 certificate domains.
The CML17sr.tar.Z file includes the CPDL source code and public license. provides more information regarding the CPDL.

Further enhancements, ports and testing of the CML are still in process. Further releases of the CML will be provided as significant capabilities are added.

The Internet Mail Consortium (IMC) has established a CML web page . The IMC has also established a CML mail list which is used to: distribute information regarding CML releases; discuss CML-related issues; and provide a means for CML users to provide feedback, comments, bug reports, etc. Subscription information for the imc-cml mailing list is at the IMC web site listed above.

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc;
a Wang Government Services Company
john.pawling@wang.com
============================================

From owner-imc-cml Mon Apr 24 08:34:47 2000
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id IAA05425 for imc-cml-bks; Mon, 24 Apr 2000 08:34:47 -0700 (PDT)
Received: from wfhqex05.wangfed.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA05419 for ; Mon, 24 Apr 2000 08:34:45 -0700 (PDT)
Received: by wfhqex05.wangfed.com with Internet Mail Service (5.5.2650.21) id ; Mon, 24 Apr 2000 11:38:41 -0400
Message-ID: <33BD629222C0D211B6DB0060085ACF31965E13@wfhqex01.wangfed.com>
From: "Pawling, John"
To: "Pawling, John"
Subject: v1.7 CML Patch Files
Date: Mon, 24 Apr 2000 11:38:38 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

All,

Several bugs have been reported in the freeware v1.7 Certificate Management Library (CML) (also known as CMAPI). We strongly recommend that the patch files (described below) should be immediately incorporated into your local version of the CML.
Much thanks to Steve Koehler, Secure Computing Corporation, for reporting these bugs. We encourage all feedback related to the CML software.

We made the changes in the CML baseline software as described below and successfully tested the corrected software. The corrected CML source code files are stored in the cmapi_157patch.tar.Z file available from the Fortezza Developer's CML Page .

We do not plan to deliver a new release of the CML solely to fix this bug.

We added the following text to the CML Problem Report File available in the "cmapi_157patch.tar.Z" zip file:

=====================================================================
CML PROBLEM REPORT FILE
21 April 2000

This file documents errors in the freeware v1.7 Certificate Management Library (CML) (a.k.a. CMAPI) that have not yet been included in a new release of the CML.

======================================================================
Problem Report #1

File(s) Affected: CM_RetrieveKey.c
Date Reported: 18 April 2000
Reporter: Steve Koehler, Secure Computing Corporation
Problem Description: The v1.7 CML CMU_Get_DistPts() function was corrupting the heap.
Platform(s) affected: All
Resolution: Fixed bugs. See new CMU_Get_DistPts() function in CM_RetrieveKey.c file.
Baseline Source Code Fixed and Tested: 20 April 2000
Patch Files: Available in cmapi_157patch.tar.Z from .

======================================================================
Problem Report #2

File(s) Affected: CM_store.c
Date Reported: 20 April 2000
Reporter: Steve Koehler, Secure Computing Corporation
Problem Description: The v1.7 CML CMU_AddCertToDB() function was improperly saving user certs in the local CML database.
Platform(s) affected: All
Resolution: See new CMU_AddCertToDB() function in CM_store.c file.
We added the following code:

    if (dec_cert && dec_cert->exts && dec_cert->exts->basicCons &&
        dec_cert->exts->basicCons->value &&
        ((Basic_cons_struct *)dec_cert->exts->basicCons->value)->cA_flag == TRUE)
    {
        /* This certificate is an issuer certificate, so it's OK to store
           it in the database. */
    }
    else if (dec_cert && (0 == strcmp (dec_cert->subject, dec_cert->issuer)))
    {
        /* It's also OK to store any self-issued certificate. */
    }
    else
    {
        return CM_NO_ERROR;
    }

Baseline Source Code Fixed and Tested: 20 April 2000
Patch Files: Available in cmapi_157patch.tar.Z from .

======================================================================
Problem Report #3

File(s) Affected: CM_Sigcheck.c
Date Reported: 20 April 2000
Reporter: Steve Koehler, Secure Computing Corporation
Problem Description: The v1.7 CML CM_Sigcheck.c clean_up routine had a memory leak.
Platform(s) affected: All
Resolution: Fixed bug. See new clean_up code in CM_Sigcheck.c file. Here's the replacement code (note the missing if):

    clean_up:
        if ( decr_data )
            free( decr_data );
        if ( decrAlg )
            B_DestroyAlgorithmObject( &decrAlg );
        if ( publicKeyObj )
            B_DestroyKeyObject( &publicKeyObj );
        return(err);

Baseline Source Code Fixed and Tested: 20 April 2000
Patch Files: Available in cmapi_157patch.tar.Z from .

======================================================================
Problem Report #4

File(s) Affected: CM_infc.c
Date Reported: 20 April 2000
Reporter: Steve Koehler, Secure Computing Corporation
Problem Description: Steve stated the following concern:
"I'm concerned about how the trusted certs list is handled in CM_CreateSessionExt. In my original code, the trusted keys are added to the cache by the call to CM_DatabaseAdd. In the new code, the keys are added separately with a call to CMU_AddKeyToCache. This seems unnecessary, and possibly dangerous. I say dangerous, because CM_DatabaseAdd checks to see that the trusted certificate is self-signed, and that the signature verifies.
By adding the key directly from CM_CreateSessionExt, these checks are avoided."
Platform(s) affected: All
Resolution: We agreed with Steve's concerns and made his recommended changes. See new code in CM_infc.c file.
Baseline Source Code Fixed and Tested: 20 April 2000
Patch Files: Available in cmapi_157patch.tar.Z from .

======================================================================
Problem Report #5

File(s) Affected: CM_infc.c
Date Reported: 20 April 2000
Reporter: Steve Koehler, Secure Computing Corporation
Problem Description: The v1.7 CML CMU_VerifyCRLSig() function was not properly initializing the sig_value to NULL. This could cause problems in the memory freeing code. It's possible that in certain error conditions, a garbage value will be freed.
Platform(s) affected: All
Resolution: Fixed bug. See new CMU_VerifyCRLSig() function in CM_infc.c file.
Baseline Source Code Fixed and Tested: 20 April 2000
Patch Files: Available in cmapi_157patch.tar.Z from .

======================================================================
Problem Report #6

File(s) Affected: CM_RetrieveKey.c
Date Reported: 20 April 2000
Reporter: Steve Koehler, Secure Computing Corporation
Problem Description: There were several memory leaks in the CMU_CPLBuildPath() function.
Platform(s) affected: All
Resolution: Fixed bugs. See new CMU_CPLBuildPath() function in CM_RetrieveKey.c file.
Baseline Source Code Fixed and Tested: 20 April 2000
Patch Files: Available in cmapi_157patch.tar.Z from .

======================================================================

For more information, contact:

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc;
a Wang Government Services Company
john.pawling@wang.com
============================================

From owner-imc-cml Tue May 2 08:45:59 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id IAA07607 for imc-cml-bks; Tue, 2 May 2000 08:45:59 -0700 (PDT)
Received: from wfhqex05.wangfed.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA07603 for ; Tue, 2 May 2000 08:45:58 -0700 (PDT)
Received: by wfhqex05.wangfed.com with Internet Mail Service (5.5.2650.21) id ; Tue, 2 May 2000 11:50:36 -0400
Message-ID: <33BD629222C0D211B6DB0060085ACF31965EB5@wfhqex01.wangfed.com>
From: "Pawling, John"
To: "Pawling, John"
Subject: 4/28/00 v1.7 CML Patch File
Date: Tue, 2 May 2000 11:50:35 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

All,

A bug has been reported in the freeware v1.7 Certificate Management Library (CML) (also known as CMAPI). We strongly recommend that the patch file (described below) should be immediately incorporated into your local version of the CML.

Much thanks to John Nord for reporting this bug. We encourage all feedback related to the CML.

We made the change in the CML baseline source code as described below and successfully tested the corrected software. The corrected CML source code file is stored in the CM_RetrieveKey.c file available from the Fortezza Developer's CML Page .

We do not plan to deliver a new release of the CML solely to fix this bug.

We added the following text to the CML Problem Report File available from the Fortezza Developer's CML Page:

=====================================================================
Problem Report #7

File(s) Affected: CM_RetrieveKey.c
Date Reported: 26 April 2000
Reporter: John Nord
Problem Description: John reported a problem in the CMU_CPLBuildPath() function when trying to verify a certification path for which none of the required certificates are present in the CML database (except the end user certificate). At line 449, the pointer to subject->asn1cert is copied. At line 456, the copied pointer is freed, and subject->asn1cert then points to an invalid memory location. Later in the function (since the certificate path is not found in the database), the invalid subject->asn1cert pointer gets freed (in a call to CMU_FreeDownCertTree()).
Platform(s) affected: All
Resolution: We made John's recommended fix to the CMU_CPLBuildPath() function as follows: We added line 457 indicated by "NEW-->". With this line added, the correct error information is provided.

      /* get length of the asn1 item */
      errCode = AsnGetLength(subject->asn1cert, &partialPath.asn1cert.num);
      if (errCode != CM_NO_ERROR)
          return (errCode);
449   partialPath.asn1cert.data = subject->asn1cert;
      partialPath.next = NULL;
      pCertPath = NULL;

      /* Path not yet complete -- finish building... */
      rv = cplInfo->beginPathDev(&cpl_session,cpl_subject,&sessInfo,&partialPath, 0,NULL,0,NULL, NULL);
456   CM_Free (partialPath.asn1cert.data);
NEW-->subject->asn1cert = NULL;
      if(rv != 0)
          return (short)rv;

Baseline Source Code Fixed and Tested: 28 April 2000
Patch Files: Available in CM_RetrieveKey.c from .

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc;
a Wang Government Services Company
john.pawling@wang.com
============================================

From owner-imc-cml Fri Jul 14 14:03:10 2000
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id OAA14945 for imc-cml-bks; Fri, 14 Jul 2000 14:03:10 -0700 (PDT)
Received: from wfhqex05.wangfed.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA14719; Fri, 14 Jul 2000 14:00:17 -0700 (PDT)
Received: by wfhqex05.wangfed.com with Internet Mail Service (5.5.2650.21) id <3GNFB4M2>; Fri, 14 Jul 2000 17:01:39 -0400
Message-ID: <4B0D36365AD3D2118FF40060972A16C0016D013D@wfhqex01.wangfed.com>
From: "Pawling, John"
To: "Pawling, John"
Subject: v1.71 Certificate Management Library Now Available
Date: Fri, 14 Jul 2000 17:01:32 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

All,

Wang Government Services, Inc. (WGSI), A Getronics Company, has delivered the Version 1.71 Certificate Management Library (CML). The v1.71 CML is freely available to everyone from the Fortezza Developers CML Page .

The v1.71 CML is described in the v1.7 CML Application Programming Interface (API) document. It implements the 1997 X.509 certification path processing rules. It meets the majority of RFC 2459 and SDN.706 requirements. It (optionally) provides local cache management functions and (optionally) obtains data objects using LDAP. It can (optionally) be used in conjunction with the v1.31 Certificate Path Development Library (CPDL) developed by CygnaCom Solutions, an Entrust Technologies company, to provide robust certification path building capabilities such as using cross certificates.

The CML has been used to validate X.509 Certificates and Certificate Revocation Lists (CRL) signed using the Digital Signature Algorithm (DSA) and RSA.
Further enhancements, ports and testing of the CML are still in process. Further releases of the CML will be provided as significant capabilities are added.

The following v1.71 CML files are available:

CMLv171win.zip: MS Windows Dynamically Linked Libraries (DLL)
CML171so.tar.Z: Sun Solaris Libraries
CML171sr.tar.Z: Source, including Windows project files

The aforementioned files and the v1.7 CML API document (CMv1_7api.doc, CMv1_7api.pdf), test certs (cml171data.zip) and readme.txt files are stored on the Fortezza Developers CML Page.

The v1.71 CML includes the following enhancements (compared with the v1.7 CML release):

1) Tested with the SNACC, Crypto Token Interface Libraries (CTIL) and LibCert DLL delivered with the v1.7 S/MIME Freeware Library (SFL) available from Fortezza Developer's S/MIME Page .

2) Re-configured directory structure for CML source code files so that it is consistent with the SFL and Access Control Library (ACL).

3) Diffie-Hellman logic in CM_RetrieveKey and CM_DecodeCert cleaned up.

4) Corrected several bugs reported by customers.

5) Performed regression testing to ensure that aforementioned enhancements did not break existing CML functionality.

WGSI welcomes all feedback regarding the CML software and documents. If bugs are reported, then we will investigate each reported bug and, if required, will produce a patch or an updated release of the software to repair the bug.

All source code for the CML is being provided at no cost and with no financial limitations regarding its use and distribution. Organizations can use the CML without paying any royalties or licensing fees. The CML was originally developed by the U.S. Government. WGSI is enhancing and supporting the CML under contract to the U.S. Government. The U.S. Government is furnishing the CML software at no cost to the vendor subject to the conditions of the CML Public License provided with the CML software.

The CML software is not subject to U.S. Government encryption export regulations, so it is freely available to everyone.

The v1.71 CML uses the WGSI v1.3 Enhanced SNACC ASN.1 Library to encode/decode objects. WGSI has successfully tested the v1.71 CML with the SNACC and CTIL DLLs delivered in conjunction with the v1.7 SFL. Source code for the WGSI-developed CTILs is available from the Fortezza Developer's S/MIME Page. The actual crypto libraries are not provided with the CML or SFL. They must be independently obtained from the appropriate source.

The v1.71 CML can be used in conjunction with the v1.31 CPDL to successfully meet all of the requirements of the Bridge Certification Authority Demonstration effort which includes cross-certified Entrust, Spyrus and Motorola v3 certificate domains. The CML171sr.tar.Z file includes the CPDL source code and public license. provides more information regarding the CPDL.

The Internet Mail Consortium (IMC) has established a CML web page and a CML mail list which is used to: distribute information regarding CML releases; discuss CML-related issues; and allow CML users to provide feedback, comments, bug reports, etc. Subscription information for the imc-cml mailing list is at the IMC web site listed above.

All comments regarding the CML source code and documents are welcome. This CML release announcement was sent to several mail lists, but please send all messages regarding the CML to the imc-cml mail list ONLY. Please do not send messages regarding the CML to any of the IETF mail lists. We will respond to all messages sent to the imc-cml mail list.

============================================
John Pawling, john.pawling@wang.com
Wang Government Services, Inc., A Getronics Company
============================================

From owner-imc-cml Thu Jul 20 09:59:33 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id JAA03337 for imc-cml-bks; Thu, 20 Jul 2000 09:59:33 -0700 (PDT)
Received: from hal9000.vguard.com (vguard.com [192.117.162.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA03291; Thu, 20 Jul 2000 09:58:21 -0700 (PDT)
Received: by vguard.com with Internet Mail Service (5.5.2650.21) id ; Thu, 20 Jul 2000 20:01:36 +0200
Message-ID:
From: Alon Barak
To: "'imc-sfl@imc.org'" , "'imc-cml@imc.org'"
Subject: CML ver1.71 compile errors
Date: Thu, 20 Jul 2000 20:01:36 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

I tried to upgrade my application to:
SFL v1.7, SNACC v1.3R2, Crypto++ v3.1, all taken from http://www.armadillo.huntsville.al.us./software/smime/ ,
& CML v1.71 taken from http://www.armadillo.huntsville.al.us./software/certmgmt/index.html.

The problem is that I cannot compile the 'cml_1.71' since I have the following compile errors:

(1)
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(93) : error C2061: syntax error : identifier 'OtherName'
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(3946) : error C2061: syntax error : identifier 'OtherName'
(and some more errors because of the two above).

(2)
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(2046) : error C2039: 'utf8StringCid' : is not a member of 'DirectoryString'
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(2053) : error C2039: 'utf8String' : is not a member of 'DirectoryString'
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(2083) : error C2039: 'bmpString' : is not a member of 'DirectoryString'

All can be found in: ...\snacc13rn\c++-examples\vdatestDLL\vdatest_asn.h

    class BOBTest_API DirectoryString: public AsnType
    {
    public:
      enum ChoiceIdEnum
      {
        teletexStringCid = 0,
        printableStringCid = 1,
        universalStringCid = 2,
        utf8StringCid = 3,
        bmpStringCid = 4
      };
      enum ChoiceIdEnum choiceId;
      union
      {
        TeletexString *teletexString;
        PrintableString *printableString;
        UniversalString *universalString;
      };
      ...

(3)
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(2086) : error C2227: left of '->cvt_StrtoLDAP' must point to class/struct/union

SO...WHAT IS WRONG WITH MY UPGRADE SETTINGS ???

Thanks in advance

Alon Barak
Vanguard Security Technologies Ltd.
Tel: 972-4-9891311 (Ext. 221); Fax: 972-4-9891322
mailto:Alon@vguard.com

From owner-imc-cml Thu Jul 20 11:40:20 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id LAA05979 for imc-cml-bks; Thu, 20 Jul 2000 11:40:20 -0700 (PDT)
Received: from wfhqex05.wangfed.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA05975 for ; Thu, 20 Jul 2000 11:40:19 -0700 (PDT)
Received: by wfhqex05.wangfed.com with Internet Mail Service (5.5.2650.21) id <3GNFCG5L>; Thu, 20 Jul 2000 14:42:25 -0400
Message-ID: <4B0D36365AD3D2118FF40060972A16C0016D0194@wfhqex01.wangfed.com>
From: "Pawling, John"
To: "imc-cml@imc.org (E-mail)"
Subject: FW: CML ver1.71 compile errors
Date: Thu, 20 Jul 2000 14:42:18 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

-----Original Message-----
From: Clyde.McPherson@Wang.com
Sent: Thursday, July 20, 2000 2:11 PM
To: Alon Barak
Cc: Colestock, Robert; Pawling, John
Subject: RE: CML ver1.71 compile errors

Alon:

Are you using the supplied projects? Actually, OtherName is defined in sm_x509cmn.h, which is referenced by sm_apiCert.h, which is part of the libcert shared library. This reference should be in the cmdec_cpp project settings->c++ settings->preprocessor in include references as "..\..\SMPDist\SFL\include" (without the quotes), you should also see a Define of _USRDLL.

You will notice that all projects have been modified to reference the SMPDist directory structure. Each project should have a SMP Dist subproject, that builds the SMP Distribution directory structure for you. The order of building should be SNACC, followed by the SFL, followed by the CML.

Hope this helps, and if you have any other problems, please contact me.

Thanks
Tex

-----Original Message-----
From: Alon Barak [mailto:alon@vguard.com]
Sent: Thursday, July 20, 2000 11:02 AM
To: 'imc-sfl@imc.org'; 'imc-cml@imc.org'
Subject: CML ver1.71 compile errors

I tried to upgrade my application to:
SFL v1.7, SNACC v1.3R2, Crypto++ v3.1, all taken from http://www.armadillo.huntsville.al.us./software/smime/ ,
& CML v1.71 taken from http://www.armadillo.huntsville.al.us./software/certmgmt/index.html.

The problem is that I cannot compile the 'cml_1.71' since I have the following compile errors:

(1)
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(93) : error C2061: syntax error : identifier 'OtherName'
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(3946) : error C2061: syntax error : identifier 'OtherName'
(and some more errors because of the two above).

(2)
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(2046) : error C2039: 'utf8StringCid' : is not a member of 'DirectoryString'
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(2053) : error C2039: 'utf8String' : is not a member of 'DirectoryString'
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(2083) : error C2039: 'bmpString' : is not a member of 'DirectoryString'

All can be found in: ...\snacc13rn\c++-examples\vdatestDLL\vdatest_asn.h

    class BOBTest_API DirectoryString: public AsnType
    {
    public:
      enum ChoiceIdEnum
      {
        teletexStringCid = 0,
        printableStringCid = 1,
        universalStringCid = 2,
        utf8StringCid = 3,
        bmpStringCid = 4
      };
      enum ChoiceIdEnum choiceId;
      union
      {
        TeletexString *teletexString;
        PrintableString *printableString;
        UniversalString *universalString;
      };
      ...

(3)
...\cml_1.71\cmdec_cpp\src\X_DecodeCert.cpp(2086) : error C2227: left of '->cvt_StrtoLDAP' must point to class/struct/union

SO...WHAT IS WRONG WITH MY UPGRADE SETTINGS ???

Thanks in advance

Alon Barak
Vanguard Security Technologies Ltd.
Tel: 972-4-9891311 (Ext. 221); Fax: 972-4-9891322
mailto:Alon@vguard.com

From owner-imc-cml Sun Jul 23 07:23:24 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA22467 for imc-cml-bks; Sun, 23 Jul 2000 07:23:24 -0700 (PDT)
Received: from hal9000.vguard.com (vguard.com [192.117.162.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA22431; Sun, 23 Jul 2000 07:22:21 -0700 (PDT)
Received: by vguard.com with Internet Mail Service (5.5.2650.21) id ; Sun, 23 Jul 2000 17:25:42 +0200
Message-ID:
From: Alon Barak
To: "'Clyde.McPherson@wang.com'" , "'imc-sfl@imc.org'" , "'imc-cml@imc.org'"
Subject: SFLv1.7 + RSA build errors
Date: Sun, 23 Jul 2000 17:25:41 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

Hi Tex

I'm using MSVC 6 on a WinNT OS with:
SFL v1.7, SNACC v1.3R2, Crypto++ v3.1
CML v1.71
(all downloaded 3 days ago)

The problem is that I'm adding RSA capabilities to our APP & I'm new in the RSA area, so...:

1) I created the "cryptlib.lib" as always BUT I couldn't understand what creates the ../../SMPDist/Algs/crypto++3.1/debug/cryptlib.lib since THERE IS NO ...SMP_SFL_Dist\SMP_SFL_Dist.dsp IN THE Crypto++3.1.

2) I couldn't understand what creates the bsafe42.lib and what creates the ../../SMPDist/Algs/bsafe42/Library/lib/bsafe42.lib

3) I use the "rsaref2.tar" & "bsafeeay.tar.gz" as the RSA sources but I (& the compiler) can't find the "stdlibrf.h". Where can I get it from?

4) Do I need anything else to use the Crypto++3.1 RSA capabilities?

Thanks in advance

Alon Barak
Vanguard Security Technologies Ltd.
Tel: 972-4-9891311 (Ext. 221); Fax: 972-4-9891322
mailto:Alon@vguard.com

From owner-imc-cml Wed Aug 2 06:58:27 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id GAA08242 for imc-cml-bks; Wed, 2 Aug 2000 06:58:27 -0700 (PDT)
Received: from hal9000.vguard.com (vguard.com [192.117.162.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA08238 for ; Wed, 2 Aug 2000 06:58:25 -0700 (PDT)
Received: by vguard.com with Internet Mail Service (5.5.2650.21) id ; Wed, 2 Aug 2000 17:02:44 +0200
Message-ID:
From: Nissim Ofek
To: "'imc-cml@imc.org'"
Cc: Alon Barak
Subject: Problem with the method CM_RequestEncCertPath
Date: Wed, 2 Aug 2000 17:02:43 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

Hello,

I have a problem when using the CM_RequestEncCertPath when giving it a certificate whose issuer does not exist in the database.

the exact scenario that happened was:

1. local session was created
2. I added a cert which is not self signed to it
3. CM_RequestEncCertPath was called to retrieve that cert path, the bounds were set to CM_SEARCH_LOCAL

in the CM_RequestEncCertPath method :

3.1 subject_tree is allocated with a first element containing the cert blob that was passed
3.2 this subject_tree is passed on to the method CMU_CPLBuildPath

in the CMU_CPLBuildPath method :

3.2.1 the path is not found, so we reach the lines:

    if (sub != NULL)
        CMU_FreeDownCertTree(sessionID, &sub);

while sub points to the first element in the subject_tree that was passed
3.2.2 this first element is freed, but this is not notified to the subject_tree in any way
3.2.3 the method returns CM_NO_PATH_FOUND

back to CM_RequestEncCertPath :

3.3 goto errExit
3.4 performing these lines:

    if(subject_tree != 0)
    {
        CMU_FreeDownCertTree(sessionID, &subject_tree); /* from this entry on down the list */
    }

as said, subject_tree is not null exactly as it was sent.
now it points to an area that was freed.
now, the method CMU_FreeDownCertTree crashes

as said, subject_tree is not null exactly as it was sent. now it points to an area that was freed.

I have a suggestion about fixing it and ask if it is OK

at the method CMU_CPLBuildPath I inserted the red line:

    /* initialize BeginPathDevelopment variables */
    subject = *pathTree;
    *pathTree = NULL;
    cpl_subject = subject->cert->subject;
    partialPath.cert = subject->cert;

if the method finds the path, the pathTree is already readdressed to it, and when the path can not be found, the pathTree will point to NULL.

Nissim Ofek, Vanguard Security Technologies
Tel. 972-4-9891311(Ext. 122), Fax. 972-4-9891322
mailto:nissim@vguard.com

From owner-imc-cml Fri Aug 11 09:03:06 2000
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id JAA29048 for imc-cml-bks; Fri, 11 Aug 2000 09:03:06 -0700 (PDT)
Received: from res02wnt246.corp.wang.com (res02wnt246.corp.wang.com [150.124.55.138]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA29044 for ; Fri, 11 Aug 2000 09:03:04 -0700 (PDT)
Received: by res02wnt246.corp.wang.com with Internet Mail Service (5.5.2650.21) id ; Fri, 11 Aug 2000 12:01:36 -0400
Message-ID: <4B0D36365AD3D2118FF40060972A16C0016D029D@wfhqex01.wangfed.com>
From: "Pawling, John"
To: "Pawling, John"
Subject: v1.7.1 CML Bug Fixes
Date: Fri, 11 Aug 2000 12:01:31 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

CML Customers,

Two bugs have been reported in the freeware v1.71 Certificate Management Library (CML) (also known as CMAPI). We strongly recommend that the modified code (described below) should be immediately incorporated into your local version of the CML.

Much thanks to Rich Nicholas and Nissim Ofek for reporting these bugs. We encourage all feedback related to the CML.

We made the changes in the CML baseline source code as described below and successfully tested the corrected software.

We do not plan to deliver a new release of the CML solely to fix these bugs.

We added the following text to the CML Problem Report File available from the Fortezza Developer's CML Page:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This file documents errors in the freeware v1.71 Certificate Management Library (CML) (a.k.a. CMAPI) that have not yet been included in a new release of the CML.

======================================================================
Problem Report #1

File(s) Affected: CM_ReqOps.c
Date Reported: 14 July 2000
Reported By: Rich Nicholas, Wang Government Services
Problem Description: Rich reported a bug in CM_RequestCerts() in that on local retrievals from the data base, the cert list returned from CMU_BuildCertListFmObject() would not be filtered. Under certain conditions, this caused an error to occur in the CM_RetrieveKey() function.
Platform(s) affected: All
Resolution: Fixed bug. See new CMU_BuildCertListFmObject() function in CM_ReqOps.c file.
Baseline Source Code Fixed and Tested: 14 July 2000
Patch File: The corrected CML source code file is stored in the CM_ReqOps.c file available from: .

======================================================================
Problem Report #2

File(s) Affected: CM_RetrieveKey.c
Reported By: Nissim Ofek
Date Reported: 2 August 2000
Problem Description: The CM_RetrieveKey() function calls CMU_CPLBuildPath(). In the case that CMU_CPLBuildPath() returns an error when cplInfo->doPathDev() fails (returns 40013), then CM_RetrieveKey was attempting to free the cert list that had already been freed.
Platform(s) affected: All
Resolution: We corrected CM_RetrieveKey.c so that in the case when CMU_CPLBuildPath returns an error, the code no longer attempts to free the cert list.
In CM_RetrieveKey.c, line number 434, we added:

    *pathTree = NULL;

For a code fragment view, this is:

    else
    {
        if (searchFlag == CM_SEARCH_UNTIL_FOUND)
            sessInfo.boundsMask = RAM_LOC | CLIENT_LOC | SERVER_LOC | DSA_LOC;
        else /* CM_SEARCH_BOTH */
            sessInfo.boundsMask = RAM_LOC | CLIENT_LOC | SERVER_LOC | DSA_LOC | SEARCH_ALL;
    }

    /* initialize BeginPathDevelopment variables */
    subject = *pathTree;
    *pathTree = NULL;

Baseline Source Code Fixed and Tested: 8 August 2000
Patch File: The corrected CML source code file will soon be stored in the CM_RetrieveKey.c file available from: .

For more information, contact:

============================================
John Pawling, john.pawling@wang.com
Wang Government Services, Inc., A Getronics Company
============================================

From owner-imc-cml Tue Sep 5 10:42:17 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id KAA05781 for imc-cml-bks; Tue, 5 Sep 2000 10:42:17 -0700 (PDT)
Received: from wfhqex05.gfgsi.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA05777 for ; Tue, 5 Sep 2000 10:42:16 -0700 (PDT)
Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id ; Tue, 5 Sep 2000 13:43:42 -0400
Message-ID: <4B0D36365AD3D2118FF40060972A16C0016D03FC@wfhqex01.wangfed.com>
From: "Pawling, John"
To: "Pawling, John"
Subject: 5 Sep 00 v1.7.1 CML Bug Fix
Date: Tue, 5 Sep 2000 13:43:16 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

CML Customers,

A significant bug has been reported in the freeware v1.71 Certificate Management Library (CML) (also known as CMAPI). We strongly recommend that the modified code (described below) should be immediately incorporated into your local version of the CML.

Much thanks to Kevin Vlasich for reporting this bug. We encourage all feedback related to the CML.
We made the change in the CML baseline source code as described below and successfully tested the corrected software. We do not plan to deliver a new release of the CML solely to fix this bug. We added the following text to the CML Problem Report File available from the Fortezza Developer's CML Page (see below): +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ This file documents errors in the freeware v1.71 Certificate Management Library (CML) (a.k.a. CMAPI) that have not yet been included in a new release of the CML. ====================================================================== Problem Report #3 File(s) Affected: CM_ReqOps.c Date Reported: 22 August 2000 Reported By: Kevin Vlasich, Secure Computing Corporation Problem Description: When doing a CM_RequestCerts() call with boundsFlag = CM_SEARCH_BOTH, LDAP is never searched if the certificate can't be found in the local database. Platform(s) affected: All Resolution: We modified line 1931 of CM_ReqOps.c: OLD: if((err == CM_NOT_FOUND) && (typeMask & CLIENT_LOC)) ^^^^^^^^^^^^^^^^^^^^^^^ NEW: if ( (err == CM_NOT_FOUND) && !(locMask & DSA_LOC) ) Baseline Source Code Fixed and Tested: 24 August 2000 Patch File: Soon to be available in CM_ReqOps.c from . 
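Review bot: the NEW condition at line 1931 of CM_ReqOps.c changes both the variable tested (typeMask becomes locMask) and the sense of the test (CLIENT_LOC set becomes DSA_LOC not set), but the resolution gives no reason for either, so a reader cannot tell from the report whether typeMask was simply the wrong mask at this point or whether CLIENT_LOC still needs to be checked somewhere. Add a sentence to the resolution, and a comment beside the `if`, saying that the guarded branch now runs whenever the certificate was not found and DSA_LOC is not yet part of locMask. A test that calls CM_RequestCerts() with boundsFlag = CM_SEARCH_BOTH for a certificate that is absent from the local database would keep this from regressing.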
For more information, contact:

============================================
John Pawling, john.pawling@wang.com
Wang Government Services, Inc.,
A Getronics Company
============================================

From owner-imc-cml Fri Sep 15 06:44:11 2000
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id GAA15791 for imc-cml-bks; Fri, 15 Sep 2000 06:44:11 -0700 (PDT)
Received: from mail.motus.qc.ca (jplachance.motus.qc.ca [207.236.155.216]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA15786 for ; Fri, 15 Sep 2000 06:44:09 -0700 (PDT)
From: eboudreault@motus.com
Subject: Problems
To: imc-cml@imc.org
X-Mailer: Lotus Notes France (Canada) 5.0 14 avril 1999
Message-ID:
Date: Fri, 15 Sep 2000 09:46:34 -0400
X-MIMETrack: Serialize by Router on motus1/Motus Technologies Inc.(Release 5.0.3 |March 21, 2000) at 2000-09-15 09:47:06
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id GAA15788
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

Hello everybody!!

I'm new with your Certificate Management software library v1.7. I have already downloaded cml171sr.tar.Z and cml171win.zip and I have problems compiling the unzipped files. This is what I get when I try to compile the main project (CM_Tool):

----------------------------------------------------------------------
--------------------Configuration: cpdlib - Win32 Memory Check--------------------
Compiling...
CertCache.cpp
CertsRec.cpp
CMAPIInterface.cpp
cpl.cpp
PathCache.cpp
PathDev.cpp
PathRec.cpp
stristr.cpp
utils.cpp
Generating Code...
Linking...
Creating library MemCheck/cpdlib_md.lib and object MemCheck/cpdlib_md.exp
cpdlib_md.exp : warning LNK4070: /OUT:cpdlib.dll directive in .EXP differs from output filename "MemCheck/cpdlib_md.dll"; ignoring directive
Copying DLL to system32 directory...
E:\CM_Library\cpl>copy MemCheck\cpdlib_md.dll C:\WINNT\system32
1 fichier(s) copi'(s).
--------------------Configuration: cmapi_dll - Win32 Memory Check--------------------
Compiling resources...
Compiling...
CM_cache.c
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
CM_cpl.cpp
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
CM_db.c
CM_Free.c
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
CM_globals.c
CM_infc.c
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
CM_ldap.c
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
CM_Mgr.c
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
CM_ReqOps.c
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
CM_RetrieveKey.c
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
CM_Sigcheck.c
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
CM_store.c
includes\CM_internal.h(31) : fatal error C1083: Cannot open include file: 'ldap.h': No such file or directory
fortezza.c
E:\CM_Library\cmapi\src\fortezza.c(154) : warning C4244: '=' : conversion from 'int ' to 'short ', possible loss of data
E:\CM_Library\cmapi\src\fortezza.c(185) : warning C4189: 'dummy' : local variable is initialized but not referenced
Error executing cl.exe.

CM_Tool_d.exe - 10 error(s), 3 warning(s)
----------------------------------------------------------------------

What's the correct way to compile it?
Thanks

**********************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100 ext.#242
Fax.: 521-2101
E-mail: eboudreault@motus.com
**********************************************************************

From owner-imc-cml Fri Sep 15 06:59:20 2000
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id GAA16461 for imc-cml-bks; Fri, 15 Sep 2000 06:59:20 -0700 (PDT)
Received: from exch-bhs-2.redstone.army.mil (exch-bhs-2.redstone.army.mil [136.205.13.50]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA16456 for ; Fri, 15 Sep 2000 06:59:18 -0700 (PDT)
Received: by exch-bhs-2.redstone.army.mil with Internet Mail Service (5.5.2448.0) id ; Fri, 15 Sep 2000 09:03:08 -0500
Message-ID: <1345B59AC3C5D211975E00A0C99DAC7A01B67561@exch-msg-6>
From: "Nord, John D Contractor/NCCIM"
To: "'eboudreault@motus.com'" , imc-cml@imc.org
Subject: RE: Problems
Date: Fri, 15 Sep 2000 09:02:17 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id GAA16458
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

Eric,

"ldap.h" is the LDAP API header. You can get an LDAP library from the Netscape LDAP SDK web page (http://developer.netscape.com/tech/directory/downloads.html). After getting the LDAP SDK, put the path to the "ldap.h" header in your project include search path.

John

From owner-imc-cml Mon Sep 18 12:37:46 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id MAA23384 for imc-cml-bks; Mon, 18 Sep 2000 12:37:46 -0700 (PDT)
Received: from mail.motus.qc.ca (motus.qc.ca [207.236.155.194]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA23380 for ; Mon, 18 Sep 2000 12:37:44 -0700 (PDT)
From: eboudreault@motus.com
Subject: UTF-8
To: imc-cml@imc.org
X-Mailer: Lotus Notes France (Canada) 5.0 14 avril 1999
Message-ID:
Date: Mon, 18 Sep 2000 15:40:26 -0400
X-MIMETrack: Serialize by Router on motus1/Motus Technologies Inc.(Release 5.0.3 |March 21, 2000) at 18/09/2000 15:40:57
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id MAA23381
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

Hello!!!

I think I've found a bug in the file "asn-tag.h". Here is the line with that bug:

.....
typedef enum
{
    NO_TAG_CODE = 0,
    BOOLEAN_TAG_CODE = 1,
    INTEGER_TAG_CODE,
    BITSTRING_TAG_CODE,
    OCTETSTRING_TAG_CODE,
    NULLTYPE_TAG_CODE,
    OID_TAG_CODE,
    OD_TAG_CODE,
    EXTERNAL_TAG_CODE,
    REAL_TAG_CODE,
    ENUM_TAG_CODE,
    UTF8STRING_TAG_CODE,
    SEQ_TAG_CODE = 16,
    SET_TAG_CODE,
    NUMERICSTRING_TAG_CODE,
    PRINTABLESTRING_TAG_CODE,
    TELETEXSTRING_TAG_CODE,
    VIDEOTEXSTRING_TAG_CODE,
    IA5STRING_TAG_CODE,
    UTCTIME_TAG_CODE,
    GENERALIZEDTIME_TAG_CODE,
    GRAPHICSTRING_TAG_CODE,
    VISIBLESTRING_TAG_CODE,
    GENERALSTRING_TAG_CODE,
    UNIVERSALSTRING_TAG_CODE = 28,
    BMPSTRING_TAG_CODE = 30
} BER_UNIV_CODE;
.....

The bug is that the UTF8STRING_TAG_CODE is supposed to be 12 (11 now) as mentioned in the specification (rfc2459) and in the file asn-usefulVDA.h.

What do you think about that???? And what can I do to correct that bug (if the bug exists)????

Thanks!!

**********************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100 ext.#242
Fax.: 521-2101
E-mail: eboudreault@motus.com
**********************************************************************

From owner-imc-cml Tue Sep 19 07:22:46 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA24330 for imc-cml-bks; Tue, 19 Sep 2000 07:22:46 -0700 (PDT)
Received: from wfhqex05.gfgsi.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA24325; Tue, 19 Sep 2000 07:22:44 -0700 (PDT)
Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id ; Tue, 19 Sep 2000 10:26:35 -0400
Message-ID: <4B0D36365AD3D2118FF40060972A16C0019B1455@wfhqex01.wangfed.com>
From: "Pawling, John"
To: imc-cml@imc.org, imc-snacc@imc.org
Subject: FW: UTF-8
Date: Tue, 19 Sep 2000 10:25:58 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
 charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id HAB24326
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

All,

The attached message documents a bug in the v1.3 R3 Enhanced SNACC C library. It does not impact the SNACC C++ library.

============================================
John Pawling, john.pawling@wang.com
Wang Government Services, Inc.,
A Getronics Company
============================================

-----Original Message-----
From: Colestock, Robert
Sent: Tuesday, September 19, 2000 10:21 AM
To: 'eboudreault@motus.com'
Cc: Pawling, John; McPherson, Clyde
Subject: RE: UTF-8

Eric:

I believe you are correct, the 11th position in the enum array sets the wrong tag. This has been fixed in the next SNACC baseline. For you, simply add "=12" to the UTF8 tag value and re-build the SNACC "C" library:

    UTF8STRING_TAG_CODE,
CHANGE TO
    UTF8STRING_TAG_CODE=12,

Bob Colestock
VDA

From owner-imc-cml Tue Sep 19 08:17:48 2000
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id IAA27693 for imc-cml-bks; Tue, 19 Sep 2000 08:17:48 -0700 (PDT)
Received: from mail.motus.qc.ca (motus.qc.ca [207.236.155.194]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA27677; Tue, 19 Sep 2000 08:17:46 -0700 (PDT)
From: eboudreault@motus.com
Subject: Re: FW: UTF-8
To: "Pawling, John"
Cc: imc-cml@imc.org, imc-snacc@imc.org, owner-imc-cml@mail.imc.org
X-Mailer: Lotus Notes France (Canada) 5.0 14 avril 1999
Message-ID:
Date: Tue, 19 Sep 2000 11:20:31 -0400
X-MIMETrack: Serialize by Router on motus1/Motus Technologies Inc.(Release 5.0.3 |March 21, 2000) at 19/09/2000 11:21:04
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id IAB27686
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

Why is UTF-8 not included in the file asn-tag.h???

-----------------------------------------------------------
......
typedef enum BER_UNIV_CODE
{
    NO_TAG_CODE = 0,
    BOOLEAN_TAG_CODE = 1,
    INTEGER_TAG_CODE,
    BITSTRING_TAG_CODE,
    OCTETSTRING_TAG_CODE,
    NULLTYPE_TAG_CODE,
    OID_TAG_CODE,
    OD_TAG_CODE,
    EXTERNAL_TAG_CODE,
    REAL_TAG_CODE,
    ENUM_TAG_CODE,
    SEQ_TAG_CODE = 16,
    SET_TAG_CODE,
    NUMERICSTRING_TAG_CODE,
    PRINTABLESTRING_TAG_CODE,
    TELETEXSTRING_TAG_CODE,
    VIDEOTEXSTRING_TAG_CODE,
    IA5STRING_TAG_CODE,
    UTCTIME_TAG_CODE,
    GENERALIZEDTIME_TAG_CODE,
    GRAPHICSTRING_TAG_CODE,
    VISIBLESTRING_TAG_CODE,
#ifndef VDADER_RULES
    GENERALSTRING_TAG_CODE
#else
    GENERALSTRING_TAG_CODE,
    UNIVERSALSTRING_TAG_CODE = 28,
    BMPSTRING_TAG_CODE = 30
#endif
} BER_UNIV_CODE;
........
-----------------------------------------------------------

Why does this not impact the SNACC C++ library?????

**********************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100 ext.#242
Fax.: 521-2101
E-mail: eboudreault@motus.com
**********************************************************************

From owner-imc-cml Tue Sep 19 09:35:23 2000
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id JAA02691 for imc-cml-bks; Tue, 19 Sep 2000 09:35:23 -0700 (PDT)
Received: from wfhqex05.gfgsi.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA02687; Tue, 19 Sep 2000 09:35:21 -0700 (PDT)
Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id ; Tue, 19 Sep 2000 12:39:09 -0400
Message-ID: <57B5672B24E6D2118165006008A5925969E6FA@wfhqex06.wangfed.com>
From: "Colestock, Robert"
To: "'eboudreault@motus.com'"
Cc: "'imc-cml@imc.org'" , "'imc-snacc@imc.org'" , "'owner-imc-cml@mail.imc.org'"
Subject: RE: FW: UTF-8
Date: Tue, 19 Sep 2000 12:38:31 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id JAB02688
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

Eric:

The C++ DER rules were implemented separate from the "C" DER rules (added later from freeware sources). The SNACC compiler changes necessary to implement the rules had to be compromised to reflect the different approaches. The short answer is that this reference does not affect the C++ tag encode/decode operations (the C++ reference to the tag is in ./specs/asn-usefulVDA.asn1).
Bob Colestock
VDA

From owner-imc-cml Thu Sep 21 07:48:16 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA00204 for imc-cml-bks; Thu, 21 Sep 2000 07:48:16 -0700 (PDT)
Received: from mail.motus.qc.ca (motus.qc.ca [207.236.155.194]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA00200 for ; Thu, 21 Sep 2000 07:48:14 -0700 (PDT)
From: eboudreault@motus.com
Subject: Data base
To: imc-cml@imc.org
X-Mailer: Lotus Notes France (Canada) 5.0 14 avril 1999
Message-ID:
Date: Thu, 21 Sep 2000 10:51:07 -0400
X-MIMETrack: Serialize by Router on motus1/Motus Technologies Inc.(Release 5.0.3 |March 21, 2000) at 21/09/2000 10:51:43
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id HAA00201
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

Hi,

I started to execute CM_Tool.exe, and the only thing I've tried is to insert a certificate into the DB. My question is how the file cert.db is structured.

The first goal of that is to understand how you insert a certificate into this DB.

The second goal is to understand what happens in the file cert.db when I retrieve a certificate. I have a general idea of what happens, but I can't trace it in the file.

Can you help me to understand it???? (How an empty DB, a DB with one element, and a DB with one element retrieved are structured)

Thanks!!!
**********************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100 ext.#242
Fax.: 521-2101
E-mail: eboudreault@motus.com
**********************************************************************

From owner-imc-cml Thu Sep 21 09:11:39 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id JAA05702 for imc-cml-bks; Thu, 21 Sep 2000 09:11:39 -0700 (PDT)
Received: from wfhqex05.gfgsi.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA05698 for ; Thu, 21 Sep 2000 09:11:37 -0700 (PDT)
Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id ; Thu, 21 Sep 2000 12:15:38 -0400
Message-ID: <4B0D36365AD3D2118FF40060972A16C0019B1495@wfhqex01.wangfed.com>
From: "Pawling, John"
To: imc-cml@imc.org
Subject: FW: Data base
Date: Thu, 21 Sep 2000 12:15:22 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id JAA05699
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

-----Original Message-----
From: McPherson, Clyde
Sent: Thursday, September 21, 2000 11:57 AM
To: eboudreault@motus.com
Cc: Pawling, John; Nicholas, Richard
Subject: RE: Data base

Eric:

The CML uses as its data base the GNU gdb data base, and is structured according to the gdb structures. As far as data being written to the data base, there are basically 2 main types of data: Certificate Revocation Lists and Certificates, which are stored in 2 separate data base files. Each entry that is stored in the data base is made up of 2 parts, the template, and the data itself (the raw CRL or CERT).
The templates are used so that the CML can search on items that are relevant to the CRL or CERT, and then be able to pull out the raw CRL or CERT from the data base.

As far as tracing what each function does, you may want to build under the debug option, and trace through the CM_store.c functions as well as the CM_db.c functions. If you are not familiar with the GNU based gdb data base, you may want to first download the full release of gdb (www.gnu.org) and trace through the routines in a more "relaxed" manner.

Thanks
Tex

From owner-imc-cml Mon Oct 2 07:16:05 2000
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA15621 for imc-cml-bks; Mon, 2 Oct 2000 07:16:05 -0700 (PDT)
Received: from hal9000.vguard.com (vguard.com [192.117.162.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA15616 for ; Mon, 2 Oct 2000 07:16:03 -0700 (PDT)
Received: by vguard.com with Internet Mail Service (5.5.2650.21) id <4CYSNXJJ>; Mon, 2 Oct 2000 17:20:13 +0200
Message-ID: <802467A7827ED411B5F600508B732D3C0BBF1B@vguard.com>
From: Nissim Ofek
To: "'imc-cml@imc.org'"
Subject: some questions
Date: Mon, 2 Oct 2000 17:20:02 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-imc-cml@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:

Hello,

I have some questions about CML 1.71

1. Sometimes I want the cache to be stored in the files immediately. How can I do it without closing and opening my sessions? (DBFlush does not do it, it is performed only at the file itself)

2. About the trust special sign. If a trusted cert is removed from the db, it is still treated as trusted (it is not deleted from the cache), so unless you close all the sessions that were opened when the cert was still trusted and open them again it will act like a trusted cert. Is that on purpose?

3. When a cert is retrieved, its info is converted into a template and this template is searched.
The trust special sign is also serialized into this template, and the result is that the same cert with different trust signs is treated as different certs. You can add the same cert as a trusted and a not trusted cert. Is that on purpose?

Nissim Ofek, Vanguard Security Technologies
Tel. 972-4-9891311 (Ext. 122), Fax. 972-4-9891322
mailto:nissim@vguard.com

From owner-imc-cml Mon Oct 2 09:33:40 2000
From: "McPherson, Clyde"
To: Nissim Ofek, "'imc-cml@imc.org'"
Subject: RE: some questions
Date: Mon, 2 Oct 2000 12:36:57 -0400

-----Original Message-----
From: Nissim Ofek [mailto:nissim@vguard.com]
Sent: Monday, October 02, 2000 11:20 AM
To: 'imc-cml@imc.org'
Subject: some questions

Hello,

I have some questions about CML 1.71

1. Sometimes I want the cache to be stored in the files immediately. How can I do it without closing and opening my sessions? (DBFlush does not do it, it is performed only at the file itself)

You currently cannot do this. To be safe all sessions must be closed.

2. About the trust special sign. If a trusted cert is removed from the db, it is still treated as trusted (it is not deleted from the cache), so unless you close all the sessions that were opened when the cert was still trusted and open them again it will act like a trusted cert. Is that on purpose?
Yes it is, it will be treated as a trusted cert for as long as time to live hasn't expired, or the validity dates are okay.

3. When a cert is retrieved, its info is converted into a template and this template is searched. The trust special sign is also serialized into this template, and the result is that the same cert with different trust signs is treated as different certs. You can add the same cert as a trusted and a not trusted cert. Is that on purpose?

Yes it is.

Nissim Ofek, Vanguard Security Technologies
Tel. 972-4-9891311 (Ext. 122), Fax. 972-4-9891322
mailto:nissim@vguard.com

From owner-imc-cml Mon Oct 2 10:58:45 2000
From: eboudreault@motus.com
To: imc-cml@imc.org
Subject: DB files
Date: Mon, 2 Oct 2000 14:02:34 -0400

Hello,

I just want to know what kind of DB the certs.db and crl.db files are. Homemade or ...? What is its structure?
Thanks

**********************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc G1K 3P6
Tel.: 521-2100 ext.#242
Fax.: 521-2101
E-mail: eboudreault@motus.com
**********************************************************************

From owner-imc-cml Mon Oct 2 11:55:31 2000
From: eboudreault@motus.com
To: imc-cml@imc.org
Subject: UTF-8
Date: Mon, 2 Oct 2000 14:59:17 -0400

I think that in "short cvt_DirectoryName(char **cm_name, DirectoryString *x_name)" in the file X_DecodeCert.cpp we have a problem in this part of the code.

Here is the code now:

/******************************************************/
........
    else if (x_name->choiceId == DirectoryString::utf8StringCid)
    {
        VDAGeneralString GenString;
        char *LDAPString = NULL;
        wchar_t *wPchar;
        UTF8String A;

        /* Get the Wide Character */
        wPchar = *x_name->utf8String;
        /* Get the UTF-8 Encoding */
        wPchar = A.GetWChar();
        /* Convert the string to LDAP and return to caller */
        GenString.cvt_StrtoLDAP(wPchar, &LDAPString);
        delete wPchar;
        /* Copy back for caller */
        *cm_name = LDAPString;
    }
........
/******************************************************/

And here is the code that I think works:

/******************************************************/
........
    else if (x_name->choiceId == DirectoryString::utf8StringCid)
    {
        VDAGeneralString GenString;
        char *LDAPString = NULL;
        wchar_t *wPchar;

        /* Get the Wide Character */
        wPchar = (*x_name->utf8String).GetWChar();
        /* Convert the string to LDAP and return to caller */
        GenString.cvt_StrtoLDAP(wPchar, &LDAPString);
        free( wPchar);
        /* Copy back for caller */
        *cm_name = LDAPString;
    }
........
/******************************************************/

I have another question. Do you know if the decoding code for UTF-8 strings works correctly? It's just because I am trying to decode a certificate with the OU and O of the subject and the issuer in UTF-8 format, and I don't know if it's decoded correctly. You can find the certificate that I am trying to decode in the attachment.
Thanks

**********************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc G1K 3P6
Tel.: 521-2100 ext.#242
Fax.: 521-2101
E-mail: eboudreault@motus.com
**********************************************************************

(See attached file: Certificat_Client1.cer)

From owner-imc-cml Tue Oct 3 05:19:50 2000
From: "McPherson, Clyde"
To: eboudreault@motus.com, imc-cml@imc.org
Subject: RE: DB files
Date: Tue, 3 Oct 2000 08:23:13 -0400

The data base used by the CML is a version of the GNU gdb database.

-Tex

-----Original Message-----
From: eboudreault@motus.com [mailto:eboudreault@motus.com]
Sent: Monday, October 02, 2000 2:03 PM
To: imc-cml@imc.org
Subject: DB files

Hello,

I just want to know what kind of DB the certs.db and crl.db files are. Homemade or ...? What is its structure?
Thanks

**********************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc G1K 3P6
Tel.: 521-2100 ext.#242
Fax.: 521-2101
E-mail: eboudreault@motus.com
**********************************************************************

From owner-imc-cml Tue Oct 3 06:11:59 2000
From: "McPherson, Clyde"
To: eboudreault@motus.com, imc-cml@imc.org
Subject: RE: UTF-8
Date: Tue, 3 Oct 2000 09:15:21 -0400

Eric:

Thanks for the bug fix for the DirectoryString. I have tried to decode your attached certificate, but it looks like your Subject and Issuer Organizational Name and Organizational Unit Name have a bad tag and sequence in the encoded cert.

Thanks
Tex

-----Original Message-----
From: eboudreault@motus.com [mailto:eboudreault@motus.com]
Sent: Monday, October 02, 2000 2:59 PM
To: imc-cml@imc.org
Subject: UTF-8

I think that in "short cvt_DirectoryName(char **cm_name, DirectoryString *x_name)" in the file X_DecodeCert.cpp we have a problem in this part of the code.
Here is the code now:

/******************************************************/
........
    else if (x_name->choiceId == DirectoryString::utf8StringCid)
    {
        VDAGeneralString GenString;
        char *LDAPString = NULL;
        wchar_t *wPchar;
        UTF8String A;

        /* Get the Wide Character */
        wPchar = *x_name->utf8String;
        /* Get the UTF-8 Encoding */
        wPchar = A.GetWChar();
        /* Convert the string to LDAP and return to caller */
        GenString.cvt_StrtoLDAP(wPchar, &LDAPString);
        delete wPchar;
        /* Copy back for caller */
        *cm_name = LDAPString;
    }
........
/******************************************************/

And here is the code that I think works:

/******************************************************/
........
    else if (x_name->choiceId == DirectoryString::utf8StringCid)
    {
        VDAGeneralString GenString;
        char *LDAPString = NULL;
        wchar_t *wPchar;

        /* Get the Wide Character */
        wPchar = (*x_name->utf8String).GetWChar();
        /* Convert the string to LDAP and return to caller */
        GenString.cvt_StrtoLDAP(wPchar, &LDAPString);
        free( wPchar);
        /* Copy back for caller */
        *cm_name = LDAPString;
    }
........
/******************************************************/

I have another question. Do you know if the decoding code for UTF-8 strings works correctly? It's just because I am trying to decode a certificate with the OU and O of the subject and the issuer in UTF-8 format, and I don't know if it's decoded correctly. You can find the certificate that I am trying to decode in the attachment.
Thanks

**********************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc G1K 3P6
Tel.: 521-2100 ext.#242
Fax.: 521-2101
E-mail: eboudreault@motus.com
**********************************************************************

(See attached file: Certificat_Client1.cer)

From owner-imc-cml Thu Oct 12 10:22:27 2000
From: "Pawling, John"
To: "Pawling, John"
Subject: v1.8 Certificate Management Library Now Available
Date: Thu, 12 Oct 2000 13:22:51 -0400

All,

Getronics Government Solutions (GGS) (formerly Wang Government Services) has delivered the Version 1.8 Certificate Management Library (CML). The v1.8 CML is freely available to everyone from the Fortezza Developers CML Page.

The v1.8 CML is described in the v1.8 CML Application Programming Interface (API) document. It implements the 1997 X.509 certification path processing rules and SDN.706. It meets the majority of the IETF PKIX RFC 2459 Certificate/CRL Profile requirements.
It (optionally) provides local cache management functions and (optionally) obtains data objects using the Lightweight Directory Access Protocol (LDAP). It can (optionally) be used in conjunction with the v1.31 Certificate Path Development Library (CPDL) developed by CygnaCom Solutions, an Entrust Technologies company, to provide robust certification path building capabilities such as using cross certificates.

The CML has been used to validate X.509 Certificates and Certificate Revocation Lists (CRL) signed using the Digital Signature Algorithm (DSA) and RSA. Further enhancements, ports and testing of the CML are still in process. Further releases of the CML will be provided as significant capabilities are added.

The following v1.8 CML files are available:

CMLv18win.zip: MS Windows Dynamically Linked Libraries (DLL)
CML18so.tar.Z: Sun Solaris Libraries
CML18li.tar.Z: Linux Libraries
CML18sr.tar.Z: Source, including Windows project files

The aforementioned files and the v1.8 CML API document (CMv1_8api.doc, CMv1_8api.pdf), test certs (CML18data.zip) and readme.txt files are stored on the Fortezza Developers CML Page.

The v1.8 CML includes the following enhancements (compared with the v1.71 CML release):

1) Fixed all bugs reported by customers.

2) Tested for MS Windows, Solaris 2.7 and Linux. On Linux and MS Windows, we tested the CML with the following crypto capabilities: internal calls to the internal SHA-1/DSA code; internal calls to RSAREF library; and using the Crypto++ Crypto Token Interface Libraries (CTIL) with the Crypto++ v3.2 library.

3) Tested using common v1.3 R4 Enhanced SNACC ASN.1 C Library, v1.8 CTILs and LIBCERT libraries shared with the v1.8 S/MIME Freeware Library (SFL) and v1.4 Access Control Library (ACL). The common, shared libraries are available from the Fortezza Developer's S/MIME Page.

4) Enhanced to process all recognized certificate and CRL extensions, regardless of criticality.
5) Implemented SDN.706 sigOrKMPrivileges and commPrivileges subordination checks.

6) Corrected processing of v2 subject and issuer unique identifiers. v1.71 CML incorrectly processed them as if they were key identifiers instead of distinguished name (DN) qualifiers.

7) Corrected cache/database code so that it stores distribution point CRLs under a separate entry in the cache/database that is identical to entry from which the CRL was retrieved.

8) Added name constraints processing for name forms specified in RFC 2459: rfc822Names, DNS Names and Uniform Resource Identifiers (URI). directoryName is already supported.

9) Added support for NULL subject DNs. (NOTE: Certs with a NULL subject DN will not be stored in the CML database.)

10) Added support for the RFC 2459 Authority Information Access (AIA) extension. This includes enhancing the CML to retrieve and check a CRL identified in an AIA extension by an LDAP address in the URI field.

11) Enhanced CRL retrieval processing. This includes identification of Authority Revocation List (ARL) vice CRLs and using the application-provided distribution points information in the CM_RequestCRLs function. This includes enhancing the CML to automatically search the directory for a current CRL when the current date is later than the nextUpdate field in a local CRL. This also includes enhancing the CML to retrieve and check a CRL identified in a CRLDistributionPoint (CRLDP) extension by an LDAP address in the URI field. This also includes the ability to process multiple URI fields in the CRLDP (especially to handle the case in which the initial URI field indicates a null server name (LDAP:///...)).

12) Added support for certificate policy qualifiers as described in RFC 2459.

13) Removal of the C++ SNACC conversion shared library (cmdec_cpp) (the v1.8 CML makes use of the C SNACC ASN.1 Library, but not the C++ SNACC ASN.1 Library).

14) Add CTIL interface shared library (cmctil).
15) Incorporated calls (IFDEFed) to BSAFE v5 library submitted by Secure Computing Corporation.

16) Enhanced CMTool to execute performance testing and memory leak testing.

17) Performed regression testing to ensure that aforementioned enhancements did not break existing CML functionality.

We welcome all feedback regarding the CML software and documents. If bugs are reported, then we will investigate each reported bug and, if required, will produce a patch or an updated release of the s