[Mono-bugs] [Bug 77047][Nor] Changed - CERT_E_PURPOSE error on certificate
bugzilla-daemon at bugzilla.ximian.com
Tue Dec 20 15:24:46 EST 2005
Please do not reply to this email; if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by sebastien at ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=77047
--- shadow/77047 2005-12-20 15:06:58.000000000 -0500
+++ shadow/77047.tmp.14884 2005-12-20 15:24:46.000000000 -0500
@@ -1,14 +1,14 @@
Bug#: 77047
Product: Mono: Class Libraries
Version: 1.1
-OS:
+OS: unknown
OS Details:
-Status: NEW
+Status: NEEDINFO
Resolution:
-Severity:
+Severity: Unknown
Priority: Normal
Component: Mono.Security
AssignedTo: sebastien at ximian.com
ReportedBy: colin at univ-metz.fr
QAContact: mono-bugs at ximian.com
TargetMilestone: ---
@@ -33,6 +33,39 @@
Expected Results:
it doesn't.
thanks,
Cyrille.
+
+------- Additional Comments From sebastien at ximian.com 2005-12-20 15:24 -------
+No surprise here ;-)
+
+The key element is that Mono provides both a client and a server-side
+SSL stream. This means that...
+
+The client-side handshakes (namespace
+Mono.Security.Protocol.Tls.Handshake.Client) check for the server
+certificate (TlsServerCertificate.cs).
+
+The server-side handshakes (namespace
+Mono.Security.Protocol.Tls.Handshake.Server) check for the client
+certificate (TlsClientCertificate.cs).
+
+Both private methods are named checkCertificateUsage (in both files)
+but they don't make the same checks (well some of them are similar but
+some are different).
+
+Now in your case (using tlstest) you're using the client stream, so
+it's the TlsServerCertificate.checkCertificateUsage method that gets
+called (to check the server certificate) and the CERT_E_PURPOSE means
+that the call returned false.
+
+So it looks like you're using a v3 x.509 certificate without the
+appropriate extensions to mark the public key as usable for
+server-side SSL. Which leads me to believe that you didn't use Mono's
+(or even MS) makecert to create that certificate and, more important,
+that you didn't provide your tool with the right options to create a
+server-side certificate.
+
+Please attach your SSL certificate to the bug report if you want me to
+check what's wrong with it.
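Review bot: In the paragraph beginning "So it looks like you're using a v3 x.509 certificate", the added comment names neither the extensions that checkCertificateUsage expects nor the makecert options that produce them, so the reporter has no way to check the certificate before attaching it. Suggest listing the extensions that TlsServerCertificate.checkCertificateUsage tests, together with the matching makecert options. The earlier paragraph says the two checkCertificateUsage methods "don't make the same checks" but not which checks differ; a one-line summary of the client-side versus server-side differences would make this comment usable as a reference for later reports of CERT_E_PURPOSE.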