[Mono-bugs] [Bug 346536] X509Certificate2 does not consider google certificate valid
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Fri Dec 14 14:47:43 EST 2007
https://bugzilla.novell.com/show_bug.cgi?id=346536
User spouliot at novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=346536#c9
--- Comment #9 from Sebastien Pouliot <spouliot at novell.com> 2007-12-14 12:47:42 MST ---
The RevocationStatusUnknown status is returned because, by default, the policy
is to check revocation status online (which isn't yet supported in Mono).
I'm not sure why you get OfflineRevocation status. I suspect your sample code
has changed since the original doesn't show the status codes. Maybe the default
policy was changed ?
So if you add
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
you should get
GOOGLE CERT VALID: False
CHAIN VALID: True
Subject: CN=www.google.com, O=Google Inc, L=Mountain View, S=California, C=US
===
Subject: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
===
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.",
C=US
===
False
The first and last "false" are because X509Certificate2.Verify calls
X509Chain.Build with the default policy (which is online checks).
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list