[Mono-bugs] [Bug 69805][Nor] Changed - SslClientStream - Server Certificate Validation

bugzilla-daemon@bugzilla.ximian.com
Mon, 22 Nov 2004 14:31:44 -0500 (EST)


Please do not reply to this email; if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien@ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=69805

--- shadow/69805	2004-11-22 13:41:55.000000000 -0500
+++ shadow/69805.tmp.20102	2004-11-22 14:31:44.000000000 -0500
@@ -1,15 +1,15 @@
 Bug#: 69805
 Product: Mono: Class Libraries
 Version: unspecified
-OS: 
+OS: unknown
 OS Details: .NET Framework v1.1
-Status: NEW   
-Resolution: 
-Severity: 
-Priority: Blocker
+Status: RESOLVED   
+Resolution: NOTABUG
+Severity: Unknown
+Priority: Normal
 Component: Mono.Security
 AssignedTo: mono-bugs@ximian.com                            
 ReportedBy: meddochat@zonnet.nl               
 QAContact: mono-bugs@ximian.com
 TargetMilestone: ---
 URL: 
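
Review bot: The resolution is set to NOTABUG while "OS:" becomes "unknown" and "OS Details: .NET Framework v1.1" is left as the reporter wrote it, so the record does not say which runtime and certificate store the report was reproduced against. Since the closing comment depends on what is in the local trust store, I would note the platform the check was run on before closing, so the reporter can tell whether the same diagnosis applies to their setup.
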
@@ -47,6 +47,62 @@
 you shouldn't get an exception
 
 How often does this happen? 
   always
 
 Additional Information:
+
+------- Additional Comments From sebastien@ximian.com  2004-11-22 14:31 -------
+The connection won't be established if the certificate isn't trusted.
+
+The best way to diagnose such problems is to use tlstest.exe. The
+tools is located under:
+/mcs/class/Mono.Security/Test/tools/tlstest
+
+E.g.
+mono tlstest.exe https://sourceforge.net/
+ 
+https://sourceforge.net/
+CERTIFICATE:
+        Format:  X509
+        Name:  C=US, O=sourceforge.net, OU=Business Registration:
+https://services.choicepoint.net/get.jsp?3754508056, OU=See
+www.geotrust.com/quickssl/cps (c)03, OU=Domain Control Validated,
+CN=sourceforge.net
+        Issuing CA:  C=US, O=Equifax, OU=Equifax Secure Certificate
+Authority
+        Key Algorithm:  1.2.840.113549.1.1.1
+        Serial Number:  4CBE03
+        Key Alogrithm Parameters:  0500
+        Public Key: 
+30818902818100DA384A6B652933BE054B57B3BCD40EB0C141F4C3A6703CEECADF3003ADB10B5D7556214D7B5864CB72E85B093A21178E5DFAAA290942DB13453063E564DA6B7ED9D5DEF7BB750209C29CED4E7D8A83D2A7018C0923AB2C48670A8268ABE91FF23AFA18B25EBACC73FC7FC0D3CBF8E42FBFC61CB72F82DB33BA830931BE16C2A30203010001
+ 
+ 
+        Valid From:  4/8/2003 4:24:14 PM
+        Valid Until: 4/8/2005 4:24:14 PM
+ 
+Error #-2146762486: CERT_E_CHAINING 0x800B010A
+
+This means that a chain couldn't be built to a trusted root
+certificate. Download the root certificate (e.g. from a web browser)
+and install it in the Trust store with the certmgr tool.
+
+E.g.
+certmgr -add -c Trust ~/equifax.cer
+
+See "man certmgr" for more details.
+
+If you're building an application you better implement an
+ICertificatePolicy class and show an appropriate UI to the end-user.
+
+*********************
+Note that if you use:
+mono tlstest.exe https://www.sourceforge.net/
+(with the "www.") you'll get another error (in addition) as the name
+of the site doesn't match the name in the certificate.
+
+Error #-2146762481: CERT_E_CN_NO_MATCH 0x800B010F
+Error #-2146762486: CERT_E_CHAINING 0x800B010A
+
+Both FireFox 1.0 and IE6 will flag this as an "error" as ask for user
+confirmation before continuing the session.
+
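
Review bot: The remediation "Download the root certificate (e.g. from a web browser) and install it in the Trust store" has no verification step before "certmgr -add -c Trust ~/equifax.cer", so whatever file ends up at that path becomes a trust anchor for every later chain check. I would add a line telling the reader to compare the certificate's fingerprint against a value obtained from the CA through a separate channel before adding it. The ICertificatePolicy advice would also be safer if it said the policy should reject by default and handle CERT_E_CN_NO_MATCH separately from CERT_E_CHAINING: the last example shows both reported for one connection, and installing the root only addresses the chaining error, not the name mismatch.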