[Mono-bugs] [Bug 81511][Nor] Changed - TlsClientCertificate verifyCertificateUsage differs from spec

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed May 2 08:34:50 EDT 2007

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.


--- shadow/81511	2007-05-02 03:36:49.000000000 -0400
+++ shadow/81511.tmp.11822	2007-05-02 08:34:50.000000000 -0400
@@ -1,14 +1,14 @@
 Bug#: 81511
 Product: Mono: Class Libraries
 Version: 1.2
 OS: other
 OS Details: 
-Status: NEW   
+Status: ASSIGNED   
+Severity: Unknown
 Priority: Normal
 Component: Mono.Security
 AssignedTo: sebastien at ximian.com                            
 ReportedBy: bugzilla at woy.nl               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
@@ -32,6 +32,19 @@
 also the following document seems to support this
 Steps to reproduce this:
 Create a SslServerstream and connect to the server using a client 
 certificate that does support DigitalSignature but no KeyEncipherment.
+------- Additional Comments From sebastien at ximian.com  2007-05-02 08:34 -------
+The operation (using the client private key) is, generally, a key
+encryption (or else we would check for digital signature). However I
+recall (from a previous life) SSL was a problem for smartcards (a
+"properly" tagged key couldn't be used "correctly" for SSL).
+Note that OpenSSL and Mozilla != specs ;-) Every app/lib has it's own
+rules (worse if they existed before the RFC) and it's impossible to be
+compatible with 100% of them without removing all certificate checks :(
+Anyway I'll check the RFCs and make any required adjustments (if
+required). Thanks

More information about the mono-bugs mailing list