private static void DownloadAndAddCrl( X509Certificate2 cert, SafeX509StoreHandle store, ref TimeSpan remainingDownloadTime) { string url = GetCdpUrl(cert); if (url == null) { return; } // X509_STORE_add_crl will increase the refcount on the CRL object, so we should still // dispose our copy. using (SafeX509CrlHandle crl = CertificateAssetDownloader.DownloadCrl(url, ref remainingDownloadTime)) { // null is a valid return (e.g. no remainingDownloadTime) if (crl != null && !crl.IsInvalid) { if (!Interop.Crypto.X509StoreAddCrl(store, crl)) { // Ignore error "cert already in store", throw on anything else. In any case the error queue will be cleared. if (X509_R_CERT_ALREADY_IN_HASH_TABLE == Interop.Crypto.ErrPeekLastError()) { Interop.Crypto.ErrClearError(); } else { throw Interop.Crypto.CreateOpenSslCryptographicException(); } } // Saving the CRL to the disk is just a performance optimization for later requests to not // need to use the network again, so failure to save shouldn't throw an exception or mark // the chain as invalid. try { string crlFile = GetCachedCrlPath(cert, mkDir: true); using (SafeBioHandle bio = Interop.Crypto.BioNewFile(crlFile, "wb")) { if (bio.IsInvalid || Interop.Crypto.PemWriteBioX509Crl(bio, crl) == 0) { // No bio, or write failed Interop.Crypto.ErrClearError(); } } } catch (UnauthorizedAccessException) { } catch (IOException) { } } } }
private static void DownloadAndAddCrl( X509Certificate2 cert, SafeX509StoreHandle store, ref TimeSpan remainingDownloadTime) { string url = GetCdpUrl(cert); if (url == null) { return; } // X509_STORE_add_crl will increase the refcount on the CRL object, so we should still // dispose our copy. using (SafeX509CrlHandle crl = CertificateAssetDownloader.DownloadCrl(url, ref remainingDownloadTime)) { // null is a valid return (e.g. no remainingDownloadTime) if (crl != null && !crl.IsInvalid) { // TODO (#3063): Check the return value of X509_STORE_add_crl, and throw on any error other // than X509_R_CERT_ALREADY_IN_HASH_TABLE Interop.libcrypto.X509_STORE_add_crl(store, crl); // Saving the CRL to the disk is just a performance optimization for later requests to not // need to use the network again, so failure to save shouldn't throw an exception or mark // the chain as invalid. try { string crlFile = GetCachedCrlPath(cert, mkDir: true); using (SafeBioHandle bio = Interop.libcrypto.BIO_new_file(crlFile, "wb")) { if (!bio.IsInvalid) { Interop.libcrypto.PEM_write_bio_X509_CRL(bio, crl); } } } catch (IOException) { } } } }