[Mono-bugs] [Bug 76258][Nor] Changed - SSL client certificate doesn't work with IE.

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed Sep 28 13:51:24 EDT 2005

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.


--- shadow/76258	2005-09-28 13:24:08.000000000 -0400
+++ shadow/76258.tmp.27934	2005-09-28 13:51:24.000000000 -0400
@@ -1,15 +1,15 @@
 Bug#: 76258
 Product: Mono: Class Libraries
 Version: unspecified
-OS: unknown
+OS: All
 OS Details: Linux Fedora Core 3
-Status: NEW   
+Status: ASSIGNED   
-Severity: 032 Four days
-Priority: Blocker
+Severity: Unknown
+Priority: Normal
 Component: Mono.Security
 AssignedTo: sebastien at ximian.com                            
 ReportedBy: yngve.zackrisson at mobila-kontoret.se               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
@@ -120,6 +120,26 @@
 Although I added my cacert16t.cer to the Mono Machines Trust store.
+------- Additional Comments From sebastien at ximian.com  2005-09-28 13:51 -------
+The issue is that we cannot verify the handshake signature (generated
+by MS) in the certificate verify message (section 7.4.8 of RFC2246) so
+we throw an exception. We have no problem verifying the signature made
+by wget/openssl.
+Strangely the data hashed for handshake isn't bad because we can
+continue the handshake (if we don't throw an exception) and the
+(handshake) data will be verified later...
+Yngve, try commenting the
+throw new TlsException (AlertDescription...);
+lines in ProcessAsSsl3 and ProcessAsTls1 methods in the file
+TlsClientCertificateVerify and re-execute your code. 
+If this works then 
+(a) we know that there's no other problem hidden behind the current one;
+(b) it will let you continue working on the "custom-n-unsafe" version
+while I found the problem.

More information about the mono-bugs mailing list