[Mono-bugs] [Bug 71071][Blo] Changed - The machine certificate store is being ignored when creating SSL connections.

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Fri, 7 Jan 2005 16:54:32 -0500 (EST)


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien@ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=71071

--- shadow/71071	2005-01-07 16:29:58.000000000 -0500
+++ shadow/71071.tmp.12010	2005-01-07 16:54:32.000000000 -0500
@@ -1,12 +1,12 @@
 Bug#: 71071
 Product: Mono: Class Libraries
 Version: 1.1
 OS: unknown
 OS Details: 
-Status: REOPENED   
+Status: NEEDINFO   
 Resolution: 
 Severity: Unknown
 Priority: Blocker
 Component: Mono.Security
 AssignedTo: sebastien@ximian.com                            
 ReportedBy: rlyon@novell.com               
@@ -63,6 +63,97 @@
 We used certmgr with the -m option.
 
 What do you want us to do with a public server?
 
 You can create a connection with a certificate from the machine 
 store?
+
+------- Additional Comments From sebastien@ximian.com  2005-01-07 16:54 -------
+Yes I can (with the actual steps) but it could be because your web
+application been restarted after adding the new root certificate. The
+stores (like the other security policies in .NET) aren't refreshed (if
+updated) until the application re-starts.
+
+If this isn't a refresh problem then at which step are you having a
+different result than mine ?
+
+
+1 - First try (with error). I get a chaining error because I don't
+have the root certificate trusted.
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> mono
+tlstest.exe --web https://www.geotrust.com
+ 
+https://www.geotrust.com
+CERTIFICATE:
+        Format:  X509
+        Name:  C=US, O=www.geotrust.com,
+OU=https://services.choicepoint.net/get.jsp?1869770350, OU=See
+www.geotrust.com/quickssl/cps (c)03, OU=Domain Control Validated,
+CN=www.geotrust.com
+        Issuing CA:  C=US, O=Equifax, OU=Equifax Secure Certificate
+Authority
+        Key Algorithm:  1.2.840.113549.1.1.1
+        Serial Number:  9C7204
+        Key Alogrithm Parameters:  0500
+        Public Key: 
+30818902818100B2E7136BEFB328DF7F0C6A908559193DFB85D2A009A07353506B1C8BA5FE5814B11CC29201E131D0268062D61F96C934E9793EEF5D6CCDBFD2A3A01F82257B19582FDB27E7B476CEFD3BD40E486B9C6DC74D7F6D1080A2F65B2DA83D0848A5941237B1349B6258C91A34A67C39CBEED0496E9047748055B7F988A626A345A6E50203010001
+ 
+ 
+        Valid From:  12/8/2003 4:52:59 AM
+        Valid Until: 12/7/2008 4:52:59 AM
+ 
+Error #-2146762486: CERT_E_CHAINING 0x800B010A
+
+
+2 - su
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> su
+Password:
+
+3 - install the root certificate into the machine Trust store
+
+pollux:/home/poupou/svn/mcs/class/Mono.Security/Test/tools/tlstest #
+certmgr -add -c -m Trust /home/poupou/equifax.cer
+Mono Certificate Manager 1.0.3.0
+Copyright 2002, 2003 Motus Technologies. Copyright 2004 Novell. BSD
+licensed.
+ 
+1 certificate(s) added to store Trust.
+
+4 - back to my normal user
+
+pollux:/home/poupou/svn/mcs/class/Mono.Security/Test/tools/tlstest # exit
+exit
+
+5 - retry the web site (without error)
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> mono
+tlstest.exe --web https://www.geotrust.com
+ 
+https://www.geotrust.com
+
+
+6 - validation #1 - I got no root certificate in the user store
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> ls
+~/.config/.mono/certs/Trust/
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest>
+
+
+7 - validation #2 - I got only one certificate in the machine store
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> ls
+/usr/share/.mono/certs/Trust/
+ski-48E668F92BD2B295D747D82320104F3398909FD4.cer
+
+
+8 - validation #3 - This is thr equifax root certificate
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> md5sum
+/usr/share/.mono/certs/Trust/ski-48E668F92BD2B295D747D82320104F3398909FD4.cer
+67cb9dc013248a829bb2171ed11becd4 
+/usr/share/.mono/certs/Trust/ski-48E668F92BD2B295D747D82320104F3398909FD4.cer
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> md5sum
+/home/poupou/equifax.cer 67cb9dc013248a829bb2171ed11becd4 
+/home/poupou/equifax.cer
+