[Mono-bugs] [Bug 80557][Wis] Changed - Client Certificate Chains not supported
bugzilla-daemon at bugzilla.ximian.com
Thu May 10 11:17:59 EDT 2007
Please do not reply to this email; if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by sebastien at ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=80557
--- shadow/80557 2007-01-29 10:21:28.000000000 -0500
+++ shadow/80557.tmp.26258 2007-05-10 11:17:59.000000000 -0400
@@ -61,6 +61,19 @@
certificate store.
------- Additional Comments From bugzilla at woy.nl 2007-01-29 10:21 -------
Created an attachment (id=18570)
new Server.TlsClientCertificate patch. The previous patch handled the length field incorrectly
+
+------- Additional Comments From sebastien at ximian.com 2007-05-10 11:17 -------
+The server side patch isn't correct. X509Chain is initialized with a
+potentially empty chain. In this case the engine will use the (empty)
+supplied chain and fail - unless the leaf is signed with a trusted
+root (no intermediates).
+
+The solution I made is to have a dual path: if a chain is available
+use it, otherwise let the engine build its own chain (from the
+stores). However this won't work if a partial chain is used.
+
+I'll test the updated patch on my side and if it's still works
+(chain-less) I'll attach it so you can test it on your side (chain).
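Review bot: the second paragraph of the added comment leaves the partial-chain case open ("However this won't work if a partial chain is used"), and the testing planned in the last paragraph covers only the chain-less and full-chain paths. A client that sends its leaf plus only some of its intermediates would take the "chain is available" branch and fail validation even when the missing certificates are in the stores. Consider having the updated patch pass the client-supplied certificates to the engine as additional candidates alongside the stores instead of choosing one path or the other, or at least record the limitation where the dual path is implemented, and add a partial-chain test case.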