[Mono-bugs] [Bug 81511][Nor] Changed - TlsClientCertificate verifyCertificateUsage differs from spec
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Wed May 2 08:34:50 EDT 2007
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by sebastien at ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=81511
--- shadow/81511 2007-05-02 03:36:49.000000000 -0400
+++ shadow/81511.tmp.11822 2007-05-02 08:34:50.000000000 -0400
@@ -1,14 +1,14 @@
Bug#: 81511
Product: Mono: Class Libraries
Version: 1.2
OS: other
OS Details:
-Status: NEW
+Status: ASSIGNED
Resolution:
-Severity:
+Severity: Unknown
Priority: Normal
Component: Mono.Security
AssignedTo: sebastien at ximian.com
ReportedBy: bugzilla at woy.nl
QAContact: mono-bugs at ximian.com
TargetMilestone: ---
@@ -32,6 +32,19 @@
also the following document seems to support this
http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html
Steps to reproduce this:
Create a SslServerstream and connect to the server using a client
certificate that does support DigitalSignature but no KeyEncipherment.
+
+------- Additional Comments From sebastien at ximian.com 2007-05-02 08:34 -------
+The operation (using the client private key) is, generally, a key
+encryption (or else we would check for digital signature). However I
+recall (from a previous life) SSL was a problem for smartcards (a
+"properly" tagged key couldn't be used "correctly" for SSL).
+
+Note that OpenSSL and Mozilla != specs ;-) Every app/lib has it's own
+rules (worse if they existed before the RFC) and it's impossible to be
+compatible with 100% of them without removing all certificate checks :(
+
+Anyway I'll check the RFCs and make any required adjustments (if
+required). Thanks
More information about the mono-bugs
mailing list