Нет, не заработало — я ошибся. Вот лог. На машине OCSP-клиент установлен, но не настроен; проверяется подпись CAdES-BES; CRL с cryptopro.ru установлен в хранилище промежуточных сертификатов.
Код:
[2776] cades.dll: {2192} /CadesVerifyDetachedMessage/ cades.cpp(2301) : (pVerifyPara=0x47DDF3C8, dwSignerIndex=0, pbDetachedSignBlob=0x46ECB010, cbDetachedSignBlob=3286, cToBeSigned=1, rgpbToBeSigned=0x47DDF42C, rgcbToBeSigned=0x47DDF3C4, ppVerificationInfo=0x47DDF428)
[2776] cades.dll: {2192} /CadesMsgVerifySignature/ cades.cpp(1773) : (hCryptMsg=0x000BC388, dwSignatureIndex=0, pVerificationPara=0x47DDEFBC), ppVerificationInfo=0x47DDF428)
[2776] cades.dll: {2192} /CadesMsgVerifySignatureImpl/ cades.cpp(1560) : Input parameters checked
[2776] cades.dll: {1352} /DllMain/ cades.cpp(3796) : hInstance=6E000000, dwReason=2 lpReserved=0
[2776] cades.dll: {2192} /CadesMsgVerifySignatureImplNamespace::VerifyMessageSignature/ cades.cpp(1498) : Signature verification started
[2776] cades.dll: {2192} /CadesMsgVerifySignatureImplNamespace::VerifyMessageSignature/ cades.cpp(1508) : Signature verified
[2776] cades.dll: {2192} /CChainValidationProcess::validateChain/ ChainValidation.h(1043) : #start#
[2776] cades.dll: {2192} /CChainValidationProcess::buildChain/ ChainValidation.h(1073) : #start#
[2776] cades.dll: {2192} /CChainWalker::walk/ ChainValidation.h(901) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::verifyTime/ ChainValidation.h(288) : #start#
[2776] cades.dll: {2192} /CChainPolicyVerification::verifyTime/ ChainValidation.h(630) : #start#
[2776] cades.dll: {2192} /CChainPolicyVerification::verifyTime/ ChainValidation.h(632) : #success#
[2776] cades.dll: {2192} /CChainObserverQueue::evidenceVerifyTime/ ChainValidation.h(294) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::chainContext/ ChainValidation.h(300) : #start#
[2776] cades.dll: {2192} /CSingleChain::chainContext/ ChainValidation.h(473) : #start#
[2776] cades.dll: {2192} /CSingleChain::chainContext/ ChainValidation.h(477) : #success#
[2776] cades.dll: {2192} /CChainStatus::chainContext/ ChainValidation.h(497) : #start#
[2776] cades.dll: {2192} /CChainStatus::chainContext/ ChainValidation.h(514) : #success#
[2776] cades.dll: {2192} /CChainPolicyVerification::chainContext/ ChainValidation.h(636) : #start#
[2776] pkivalidator.dll: {2192} /CertDllVerifySignatureCertificateChainPolicy/ CertDllVerifyCertificateChainPolicy.cpp(48) : Start
[2776] pkivalidator.dll: {2192} /CertDllVerifyCertificateChainPolicyProxy/ CertDllVerifyCertificateChainPolicy.cpp(13) : Start
[2776] pkivalidator.dll: {2192} /CheckInitAndGetExtraStatus/ CertDllVerifyCertificateChainPolicyImpl.cpp(903) : pExtraStatus = 0x00000000
[2776] pkivalidator.dll: {2192} /CheckAndGetExtraPara/ CertDllVerifyCertificateChainPolicyImpl.cpp(867) : pExtraPara = 0x48a093d4
[2776] pkivalidator.dll: {2192} /CertDllVerifyPrivateKeyUsagePeriodCertificateChainPolicy/ CertDllVerifyCertificateChainPolicy.cpp(46) : Start
[2776] pkivalidator.dll: {2192} /CertDllVerifyCertificateChainPolicyProxy/ CertDllVerifyCertificateChainPolicy.cpp(13) : Start
[2776] pkivalidator.dll: {2192} /CheckInitAndGetExtraStatus/ CertDllVerifyCertificateChainPolicyImpl.cpp(903) : pExtraStatus = 0x00000000
[2776] pkivalidator.dll: {2192} /CheckAndGetExtraPara/ CertDllVerifyCertificateChainPolicyImpl.cpp(867) : pExtraPara = 0x47ddd670
[2776] pkivalidator.dll: {2192} /CertDllVerifyBasicConstraintsCertificateChainPolicy/ CertDllVerifyCertificateChainPolicy.cpp(55) : Start
[2776] pkivalidator.dll: {2192} /CertDllVerifyCertificateChainPolicyProxy/ CertDllVerifyCertificateChainPolicy.cpp(13) : Start
[2776] pkivalidator.dll: {2192} /ReportError/ CertDllVerifyCertificateChainPolicyImpl.cpp(1001) : No error encountered. Other checks can be performed - returning false.
[2776] pkivalidator.dll: {2192} /CertDllVerifyCertificateChainPolicyProxy/ CertDllVerifyCertificateChainPolicy.cpp(29) : Finish. Returning TRUE.
[2776] pkivalidator.dll: {2192} /ReportError/ CertDllVerifyCertificateChainPolicyImpl.cpp(1001) : No error encountered. Other checks can be performed - returning false.
[2776] pkivalidator.dll: {2192} /CertDllVerifyCertificateChainPolicyProxy/ CertDllVerifyCertificateChainPolicy.cpp(29) : Finish. Returning TRUE.
[2776] pkivalidator.dll: {2192} /ReportError/ CertDllVerifyCertificateChainPolicyImpl.cpp(1001) : No error encountered. Other checks can be performed - returning false.
[2776] pkivalidator.dll: {2192} /CertDllVerifyCertificateChainPolicyProxy/ CertDllVerifyCertificateChainPolicy.cpp(29) : Finish. Returning TRUE.
[2776] cades.dll: {2192} /CChainPolicyVerification::chainContext/ ChainValidation.h(663) : #success#
[2776] cades.dll: {2192} /CChainObserverQueue::chain/ ChainValidation.h(306) : #start#
[2776] cades.dll: {2252} /DllMain/ cades.cpp(3796) : hInstance=6E000000, dwReason=2 lpReserved=0
[2776] cades.dll: {2192} /CChainObserverQueue::firstElement/ ChainValidation.h(313) : #start#
[2776] cades.dll: {2192} /CEvidenceMatch::firstElement/ ValidationEvidence.h(1913) : #start#
[2776] cades.dll: {2192} /CEvidenceMatch::checkCertificate/ ValidationEvidence.h(1948) : #start#
[2776] cades.dll: {2192} /CEvidenceMatch::checkCertificate/ ValidationEvidence.h(1950) : #success#
[2776] cades.dll: {2192} /CChainObserverQueue::lastElement/ ChainValidation.h(327) : #start#
[2776] cades.dll: {2192} /CEvidenceMatch::lastElement/ ValidationEvidence.h(1925) : #start#
[2776] cades.dll: {2192} /CEvidenceMatch::checkCertificate/ ValidationEvidence.h(1948) : #start#
[2776] cades.dll: {2192} /CEvidenceMatch::checkCertificate/ ValidationEvidence.h(1950) : #success#
[2776] cades.dll: {2192} /CChainWalker::walk/ ChainValidation.h(964) : #success#
[2776] cades.dll: {2192} /CChainValidationProcess::checkRevocation/ ChainValidation.h(1095) : #start#
[2776] cades.dll: {2192} /CChainWalker::walk/ ChainValidation.h(901) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::verifyTime/ ChainValidation.h(288) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::verifyTime/ ChainValidation.h(288) : #start#
[2776] cades.dll: {2192} /CCertificateRevocationCheck::verifyTime/ RevocationCheck.h(706) : #start#
[2776] cades.dll: {2192} /CCertificateRevocationCheck::verifyTime/ RevocationCheck.h(708) : #success#
[2776] cades.dll: {2192} /CCertificateRevocationCheck::verifyTime/ RevocationCheck.h(706) : #start#
[2776] cades.dll: {2192} /CCertificateRevocationCheck::verifyTime/ RevocationCheck.h(708) : #success#
[2776] cades.dll: {2192} /CChainObserverQueue::evidenceVerifyTime/ ChainValidation.h(294) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::evidenceVerifyTime/ ChainValidation.h(294) : #start#
[2776] cades.dll: {2192} /CCertificateRevocationCheck::evidenceVerifyTime/ RevocationCheck.h(712) : #start#
[2776] cades.dll: {2192} /CCertificateRevocationCheck::evidenceVerifyTime/ RevocationCheck.h(714) : #success#
[2776] cades.dll: {2192} /CCertificateRevocationCheck::evidenceVerifyTime/ RevocationCheck.h(712) : #start#
[2776] cades.dll: {2192} /CCertificateRevocationCheck::evidenceVerifyTime/ RevocationCheck.h(714) : #success#
[2776] cades.dll: {2192} /CChainObserverQueue::chainContext/ ChainValidation.h(300) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::chainContext/ ChainValidation.h(300) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::chain/ ChainValidation.h(306) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::chain/ ChainValidation.h(306) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::firstElement/ ChainValidation.h(313) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::firstElement/ ChainValidation.h(313) : #start#
[2776] cades.dll: {2192} /CEndCertificateRevocationCheck::firstElement/ RevocationCheck.h(747) : #start#
[2776] cades.dll: {2192} /CRevocationCheckerQueue::checkRevocation/ RevocationCheck.h(49) : #start#
[2776] cades.dll: {2192} /COcspCheck::checkRevocation/ RevocationCheck.h(330) : #start#
[2776] cades.dll: {2192} /COcspCheck::retrieveOcspResponse/ RevocationCheck.h(618) : #start#
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::LoadGroupPolicy/ OCSPRequest_Impl.cpp(161) : Loading GP...
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::LoadGroupPolicy/ OCSPRequest_Impl.cpp(161) : Loading GP...
[2776] cades.dll: {2192} /COcspCheck::retrieveOcspResponse/ RevocationCheck.h(630) : Request object initialized
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::CheckPolicies/ OCSPRequest_Impl.cpp(232) : Checking policies...
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::CheckPolicies/ OCSPRequest_Impl.cpp(246) : Checking policies... OK.
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::MakeRequest/ OCSPRequest_Impl.cpp(368) : Making request...
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::MakeRequest/ OCSPRequest_Impl.cpp(373) : Filling SRs...
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::MakeRequest/ OCSPRequest_Impl.cpp(402) : Filling extensions...
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::MakeRequest/ OCSPRequest_Impl.cpp(440) : Encoding request...
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::MakeRequest/ OCSPRequest_Impl.cpp(442) : Making request... OK.
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::Send/ OCSPRequest_Impl.cpp(578) : Sending request to "http://www.cryptopro.ru/ocspnc/ocsp.srf"...
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::CheckPolicies/ OCSPRequest_Impl.cpp(250) : Checking HTTP policies...
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::CheckPolicies/ OCSPRequest_Impl.cpp(360) : Checking HTTP policies... OK.
[2776] 17:38:15.444 ::*Session* :: WinHttpCrackUrl("http://www.cryptopro.ru/ocspnc/ocsp.srf", 0x0, 0x0, 0x47ddd0fc)
[2776] 17:38:15.444 ::*Session* :: WinHttpCrackUrlA("http://www.cryptopro.ru/ocspnc/ocsp.srf", 0x27, 0x0, 0x47ddcfb0)
[2776] 17:38:15.444 ::*Session* :: WinHttpCrackUrlA() returning TRUE
[2776] 17:38:15.444 ::*Session* :: WinHttpCrackUrl() returning TRUE
[2776] 17:38:15.444 ::*Session* :: WinHttpOpen("Crypto-Pro ocspcli.dll", (1), "", "", 0x0)
[2776] 17:38:15.444 ::*Session* :: WinHttpOpen() returning handle 0x488f5000
[2776] 17:38:15.444 ::*Session* :: DoConnectoidsExist()
[2776] 17:38:15.444 ::*Session* :: DoConnectoidsExist() returning TRUE
[2776] 17:38:15.444 ::*Session* :: WinHttpSetOption(0x488f5000, (38), 0x47ddd0e8 [0x3], 12)
[2776] 17:38:15.444 ::*Session* :: WinHttpSetOption() returning TRUE
[2776] 17:38:15.444 ::*Session* :: WinHttpConnect(0x488f5000, "www.cryptopro.ru", 80, 0x0)
[2776] 17:38:15.444 ::*Session* :: WinHttpConnect() returning handle 0x488f5300
[2776] 17:38:15.444 ::*Session* :: WinHttpOpenRequest(0x488f5300, "POST", "ocspnc/ocsp.srf", "", "", 0x0, 0x00000000)
[2776] 17:38:15.444 ::*Session* :: WinHttpCreateUrlA(0x47ddce90, 0x0, 0x4f760000, 0x47ddcecc)
[2776] 17:38:15.444 ::*Session* :: WinHttpCreateUrlA() returning TRUE
[2776] 17:38:15.444 ::*0000004* :: WinHttpOpenRequest() returning handle 0x4f742000
[2776] 17:38:15.444 ::*0000004* :: WinHttpSetOption(0x4f742000, (77), 0x47ddd0b0 [0x2], 4)
[2776] 17:38:15.444 ::*0000004* :: WinHttpSetOption() returning TRUE
[2776] 17:38:15.444 ::*0000004* :: WinHttpSendRequest(0x4f742000, "Content-type: application/ocsp-request", -1, 0x4d216448, 129, 129, 0)
[2776] 17:38:15.444 ::*0000004* :: WinHttpCreateUrlA(0x47ddce2c, 0x0, 0x4f760000, 0x47ddce10)
[2776] 17:38:15.444 ::*0000004* :: WinHttpCreateUrlA() returning TRUE
[2776] 17:38:15.444 ::*0000004* :: Using proxy server: proxy.bftcom.com:8080
[2776] 17:38:15.444 ::*0000004* :: "proxy.bftcom.com" resolved
[2776] 17:38:15.444 ::*0000004* :: sending data:
[2776] 17:38:15.444 ::*0000004* :: 337 (0x151) bytes
[2776] 17:38:15.444 ::*0000004* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>>
[2776] 17:38:15.444 ::*0000004* ::
[2776] POST http://www.cryptopro.ru/ocspnc/ocsp.srf HTTP/1.1
[2776] 17:38:15.444 ::*0000004* :: Content-type: application/ocsp-request
[2776] 17:38:15.444 ::*0000004* :: User-Agent: Crypto-Pro ocspcli.dll
[2776] 17:38:15.444 ::*0000004* ::
[2776] Host: www.cryptopro.ru
[2776] 17:38:15.444 ::*0000004* :: Content-Length: 129
[2776] 17:38:15.444 ::*0000004* ::
[2776] Proxy-Connection: Keep-Alive
[2776]
[2776] 17:38:15.444 ::*0000004* :: <<<<-------- End ----------------------------------------------->>>>
[2776] 17:38:15.444 ::*0000004* :: WinHttpSendRequest() returning TRUE
[2776] 17:38:15.444 ::*0000004* :: WinHttpReceiveResponse(0x4f742000, 0x0)
[2776] 17:38:15.444 ::*0000004* :: received data:
[2776] 17:38:15.444 ::*0000004* :: 1024 (0x400) bytes
[2776] 17:38:15.444 ::*0000004* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>>
[2776] 17:38:15.444 ::*0000004* ::
[2776] HTTP/1.0 407 Proxy Authentication Required
[2776] 17:38:15.444 ::*0000004* :: Server: squid/2.6.STABLE19
[2776] 17:38:15.444 ::*0000004* :: Date: Thu, 02 Jul 2009 13:38:15 GMT
[2776] 17:38:15.444 ::*0000004* :: Content-Type: text/html
[2776] 17:38:15.444 ::*0000004* ::
[2776] Content-Length: 1354
[2776] 17:38:15.444 ::*0000004* :: Expires: Thu, 02 Jul 2009 13:38:15 GMT
[2776] 17:38:15.444 ::*0000004* :: X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
[2776] 17:38:15.444 ::*0000004* :: Proxy-Authenticate: Basic realm
[2776] ="Squid proxy-caching web server"
[2776] 17:38:15.444 ::*0000004* :: X-Cache: MISS from igwbft2.bftcom.com
[2776] 17:38:15.444 ::*0000004* :: X-Cache-Lookup: NONE from igwbft2.bftcom.com:8080
[2776] 17:38:15.444 ::*0000004* ::
[2776] Via: 1.0 igwbft2.bftcom.com:8080 (squid/2.6.STABLE19)
[2776] 17:38:15.444 ::*0000004* ::
[2776] Proxy-Connection: close
[2776]
[2776] 17:38:15.444 ::*0000004* :: <<<<-------- End ----------------------------------------------->>>>
[2776] 17:38:15.444 ::*0000004* :: WinHttpReceiveResponse() returning TRUE
[2776] 17:38:15.444 ::*0000004* :: WinHttpQueryHeaders(0x4f742000, (0x20000013), "null", 0x4d53233c, 0x47ddd0b4 [4], 0x0 [0])
[2776] 17:38:15.444 ::*0000004* :: WinHttpQueryHeaders() returning TRUE
[2776] 17:38:15.444 ::*0000004* :: WinHttpQueryAuthSchemes(0x4f742000, 0x47ddd0ac, 0x47ddd0d0)
[2776] 17:38:15.444 ::*0000004* :: WinHttpQueryAuthSchemes() returning TRUE
[2776] 17:38:15.444 ::*0000004* :: WinHttpQueryAuthSchemes(0x4f742000, 0x47ddd0ac, 0x47ddd0d0)
[2776] 17:38:15.444 ::*0000004* :: WinHttpQueryAuthSchemes() returning TRUE
[2776] 17:38:15.444 ::*0000004* :: WinHttpCloseHandle(0x4f742000)
[2776] 17:38:15.444 ::*0000004* :: WinHttpCloseHandle() returning TRUE
[2776] 17:38:15.444 ::*Session* :: WinHttpCloseHandle(0x488f5300)
[2776] 17:38:15.444 ::*Session* :: WinHttpCloseHandle() returning TRUE
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::SendOCSPRequest/ OCSPRequest_Impl.cpp(645) : HTTP STATUS: 407
[2776] ocspcli.dll: {2192} /CryptoPro::PKI::OCSP::Client::CRequest::Impl::Send/ OCSPRequest_Impl.cpp(584) : Error occurred: 0xC2110100. Level: 3
[2776] cades.dll: {2192} /COcspCheck::retrieveOcspResponse/ RevocationCheck.h(646) : #success#
[2776] 17:38:15.444 ::*Session* :: WinHttpCloseHandle(0x488f5000)
[2776] 17:38:15.444 ::*Session* :: WinHttpCloseHandle() returning TRUE
[2776] cades.dll: {2192} /COcspCheck::checkRevocation/ RevocationCheck.h(369) : #failure# HRESULT: (0xc2110100)
[2776] cades.dll: {2192} /COcspCheck::checkRevocation/ RevocationCheck.h(369) : Cannot find OCSP response for certificate.
[2776] cades.dll: {2192} /COcspCheck::checkRevocation/ RevocationCheck.h(369) :
[2776] cades.dll: {2192} /CCrlCheck::checkRevocation/ RevocationCheck.h(97) : #start#
[2776] cades.dll: {2192} /CCrlCheck::checkRevocation/ RevocationCheck.h(99) : Checking certificate in CRL
[2776] cades.dll: {2192} /CCrlCheck::findAndVerifyInCrl/ RevocationCheck.h(135) : #start#
[2776] cades.dll: {2192} /CCrlCheck::findInElementAndVerifyInCrl/ RevocationCheck.h(176) : #start#
[2776] cades.dll: {2192} /CCrlCheck::findInElementAndVerifyInCrl/ RevocationCheck.h(183) : #success#
[2776] cades.dll: {2192} /CCrlCheck::findInStoreAndVerifyInCrl/ RevocationCheck.h(202) : #start#
[2776] cades.dll: {2192} /CCrlCheck::verifyCertificateInCrl/ RevocationCheck.h(271) : #start#
[2776] cades.dll: {2192} /CCrlCheck::verifyCertificateInCrl/ RevocationCheck.h(308) : #success#
[2776] cades.dll: {2192} /CCrlCheck::findInStoreAndVerifyInCrl/ RevocationCheck.h(216) : #success#
[2776] cades.dll: {2192} /CCrlCheck::findAndVerifyInCrl/ RevocationCheck.h(155) : #success#
[2776] cades.dll: {2192} /CCrlCheck::checkRevocation/ RevocationCheck.h(107) : Certificate is checked in CRL
[2776] cades.dll: {2192} /CEvidenceMatch::appendCrl/ ValidationEvidence.h(1882) : #start#
[2776] cades.dll: {2192} /CEvidenceMatch::appendCrl/ ValidationEvidence.h(1884) : #success#
[2776] cades.dll: {2192} /CCrlCheck::checkRevocation/ RevocationCheck.h(112) : #success#
[2776] cades.dll: {2192} /CChainObserverQueue::lastElement/ ChainValidation.h(327) : #start#
[2776] cades.dll: {2192} /CChainObserverQueue::lastElement/ ChainValidation.h(327) : #start#
[2776] cades.dll: {2192} /CChainWalker::walk/ ChainValidation.h(964) : #success#
[2776] cades.dll: {2192} /CChainValidationProcess::validateChain/ ChainValidation.h(1064) : #success#
[2776] cades.dll: {2192} /CadesMsgVerifySignature/ cades.cpp(1795) : (res=1, GetLastError=0x00000000
[2776] cades.dll: {2192} /CadesVerifyDetachedMessage/ cades.cpp(2325) : (res=1, GetLastError=0x00000000
[2776] cades.dll: {2192} /CadesFreeVerificationInfo/ cades.cpp(2341) : (pVerificationInfo=0x48A06960)
[2776] cades.dll: {2192} /CadesFreeVerificationInfo/ cades.cpp(2360) : (res=1, GetLastError=0x000000b7
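Судя по логу, OCSP-запрос через прокси получает ответ HTTP 407, после чего отзыв сертификата успешно проверяется по CRL. Как можно убрать обращение к OCSP-серверу при проверке подписи?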