[Mono-bugs] [Bug 71071][Blo] Changed - The machine certificate store is being ignored when creating SSL connections.
bugzilla-daemon@bugzilla.ximian.com
Fri, 7 Jan 2005 16:54:32 -0500 (EST)
Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by sebastien@ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=71071
--- shadow/71071 2005-01-07 16:29:58.000000000 -0500
+++ shadow/71071.tmp.12010 2005-01-07 16:54:32.000000000 -0500
@@ -1,12 +1,12 @@
Bug#: 71071
Product: Mono: Class Libraries
Version: 1.1
OS: unknown
OS Details:
-Status: REOPENED
+Status: NEEDINFO
Resolution:
Severity: Unknown
Priority: Blocker
Component: Mono.Security
AssignedTo: sebastien@ximian.com
ReportedBy: rlyon@novell.com
@@ -63,6 +63,97 @@
We used certmgr with the -m option.
What do you want us to do with a public server?
You can create a connection with a certificate from the machine
store?
+
+------- Additional Comments From sebastien@ximian.com 2005-01-07 16:54 -------
+Yes I can (with the actual steps) but it could be because your web
+application been restarted after adding the new root certificate. The
+stores (like the other security policies in .NET) aren't refreshed (if
+updated) until the application re-starts.
+
+If this isn't a refresh problem then at which step are you having a
+different result than mine ?
+
+
+1 - First try (with error). I get a chaining error because I don't
+have the root certificate trusted.
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> mono
+tlstest.exe --web https://www.geotrust.com
+
+https://www.geotrust.com
+CERTIFICATE:
+ Format: X509
+ Name: C=US, O=www.geotrust.com,
+OU=https://services.choicepoint.net/get.jsp?1869770350, OU=See
+www.geotrust.com/quickssl/cps (c)03, OU=Domain Control Validated,
+CN=www.geotrust.com
+ Issuing CA: C=US, O=Equifax, OU=Equifax Secure Certificate
+Authority
+ Key Algorithm: 1.2.840.113549.1.1.1
+ Serial Number: 9C7204
+ Key Alogrithm Parameters: 0500
+ Public Key:
+30818902818100B2E7136BEFB328DF7F0C6A908559193DFB85D2A009A07353506B1C8BA5FE5814B11CC29201E131D0268062D61F96C934E9793EEF5D6CCDBFD2A3A01F82257B19582FDB27E7B476CEFD3BD40E486B9C6DC74D7F6D1080A2F65B2DA83D0848A5941237B1349B6258C91A34A67C39CBEED0496E9047748055B7F988A626A345A6E50203010001
+
+
+ Valid From: 12/8/2003 4:52:59 AM
+ Valid Until: 12/7/2008 4:52:59 AM
+
+Error #-2146762486: CERT_E_CHAINING 0x800B010A
+
+
+2 - su
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> su
+Password:
+
+3 - install the root certificate into the machine Trust store
+
+pollux:/home/poupou/svn/mcs/class/Mono.Security/Test/tools/tlstest #
+certmgr -add -c -m Trust /home/poupou/equifax.cer
+Mono Certificate Manager 1.0.3.0
+Copyright 2002, 2003 Motus Technologies. Copyright 2004 Novell. BSD
+licensed.
+
+1 certificate(s) added to store Trust.
+
+4 - back to my normal user
+
+pollux:/home/poupou/svn/mcs/class/Mono.Security/Test/tools/tlstest # exit
+exit
+
+5 - retry the web site (without error)
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> mono
+tlstest.exe --web https://www.geotrust.com
+
+https://www.geotrust.com
+
+
+6 - validation #1 - I got no root certificate in the user store
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> ls
+~/.config/.mono/certs/Trust/
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest>
+
+
+7 - validation #2 - I got only one certificate in the machine store
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> ls
+/usr/share/.mono/certs/Trust/
+ski-48E668F92BD2B295D747D82320104F3398909FD4.cer
+
+
+8 - validation #3 - This is thr equifax root certificate
+
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> md5sum
+/usr/share/.mono/certs/Trust/ski-48E668F92BD2B295D747D82320104F3398909FD4.cer
+67cb9dc013248a829bb2171ed11becd4
+/usr/share/.mono/certs/Trust/ski-48E668F92BD2B295D747D82320104F3398909FD4.cer
+poupou@pollux:~/svn/mcs/class/Mono.Security/Test/tools/tlstest> md5sum
+/home/poupou/equifax.cer 67cb9dc013248a829bb2171ed11becd4
+/home/poupou/equifax.cer
+
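Review bot: Steps 1 and 5 each start tlstest.exe as a new process, so the walkthrough does not exercise the refresh problem raised in the comment's first paragraph, where an application is still running when the root certificate is added to the store. To make the NEEDINFO request actionable, ask the reporter to restart the web application after running `certmgr -add -c -m Trust`, retry the connection, and post the same `ls` output for the machine Trust store that step 7 shows. In validation #3, the matching md5sum values only show that the installed file is byte-identical to /home/poupou/equifax.cer; confirming that this file is the intended Equifax root would need its fingerprint compared against a value obtained from the CA through a separate channel.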