[Mono-bugs] [Bug 62803][Nor] Changed - Problem using Novell.Directory.Ldap with SSL from Mono.Security

bugzilla-daemon@bugzilla.ximian.com
Wed, 11 Aug 2004 10:03:50 -0400 (EDT)


Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien@ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=62803

--- shadow/62803	2004-08-10 12:37:00.000000000 -0400
+++ shadow/62803.tmp.20676	2004-08-11 10:03:50.000000000 -0400
@@ -28,6 +28,32 @@
 I've updated (in HEAD) the certmgr.exe tool to support the "machine"
 stores (-m) and Mono.Security.dll not to throw exception when building
 certificate/CRL lists from non-accessible stores.
 
 Theses fixes will also be applied in the MONO_1_0 branch when this bug
 is fixed.
+
+------- Additional Comments From sebastien@ximian.com  2004-08-11 10:03 -------
+Connecting to:nldap.com
+Detected errors in the Server Certificate:
+-2146762481
+-2146762487
+Error:91
+
+-2146762481 means that the certificate's DN doesn't match the server
+name, and
+-2146762487 means that the root certificate isn't trusted.
+
+Now the *ultimate* decision whether to trust, or not, a SSL/TLS
+session with a "broken" certificate is application specific. In this
+case Novell.Directory.Ldap has some code in Connection.cs.
+
+This the code allows for a single error, a non-matching DN, to work.
+Now if false is returned to the SslClientStream class the handshake
+will be canceled (by design) and an exception will be thrown. This is
+(most probably) what's happening and is catch by the Ldap code and
+transformed into error code 91.
+
+However you should see the "Detected errors in the Server
+Certificate:" is there's no error to report. Are you seing it with a
+"0" error code ?
+
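Review bot: In the paragraph beginning "This the code allows for a single error", the comment never ties that rule back to the two codes listed above it. The output reports both -2146762481 (DN mismatch) and -2146762487 (untrusted root), so a check that tolerates only the non-matching DN would reject this session, which fits the cancelled handshake and error 91 described here. Stating that directly would make the diagnosis firmer than "most probably". I would also suggest steering the reporter toward getting the root certificate trusted, for instance through the certmgr.exe stores mentioned in the context lines, rather than toward relaxing the check in Connection.cs to accept an untrusted root. Separately, the final question ("is there's no error to report") reads as if a word is missing, so what the reporter is being asked to confirm is ambiguous as written.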