[Mono-bugs] [Bug 81511][Nor] New - TlsClientCertificate verifyCertificateUsage differs from spec

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed May 2 03:36:49 EDT 2007

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by bugzilla at woy.nl.


--- shadow/81511	2007-05-02 03:36:49.000000000 -0400
+++ shadow/81511.tmp.3903	2007-05-02 03:36:49.000000000 -0400
@@ -0,0 +1,37 @@
+Bug#: 81511
+Product: Mono: Class Libraries
+Version: 1.2
+OS: other
+OS Details: 
+Status: NEW   
+Priority: Normal
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com                            
+ReportedBy: bugzilla at woy.nl               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+Summary: TlsClientCertificate verifyCertificateUsage differs from spec
+I'm using an SslServerStream in combination with Client Authentication. 
+The TlsClientCertificate.checkCertificateUsage( X509Certificate ) method 
+always returns false wich results in an CERT_E_PURPOSE error.
+The ExchangeAlgorithmType is always RsaKeyX wich seems to be correct. This 
+results in checking for an KeyUsageExtension that supports 
+But as I can read in this OpenSsl documentation an client certificate has 
+to support digitalSignature. Only the server certificate has to support 
+also the following document seems to support this
+Steps to reproduce this:
+Create a SslServerstream and connect to the server using a client 
+certificate that does support DigitalSignature but no KeyEncipherment.

More information about the mono-bugs mailing list