[Mono-bugs] [Bug 80557][Wis] Changed - Client Certificate Chains not supported

bugzilla-daemon at bugzilla.ximian.com
Thu May 10 11:17:59 EDT 2007

Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.


--- shadow/80557	2007-01-29 10:21:28.000000000 -0500
+++ shadow/80557.tmp.26258	2007-05-10 11:17:59.000000000 -0400
@@ -61,6 +61,19 @@
 certificate store.
 ------- Additional Comments From bugzilla at woy.nl  2007-01-29 10:21 -------
 Created an attachment (id=18570)
 new Server.TlsClientCertificate patch. The previous patch handled the length field incorrectly
+------- Additional Comments From sebastien at ximian.com  2007-05-10 11:17 -------
+The server side patch isn't correct. X509Chain is initialized with a
+potentially empty chain. In this case the engine will use the (empty)
+supplied chain and fail - unless the leaf is signed with a trusted
+root (no intermediates).
+The solution I made is to have a dual path: if a chain is available
+use it, otherwise let the engine build its own chain (from the
+stores). However this won't work if a partial chain is used.
+I'll test the updated patch on my side and if it's still works
+(chain-less) I'll attach it so you can test it on your side (chain).
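Review bot: the partial-chain case is still unhandled by the dual path described in the added comment ("However this won't work if a partial chain is used"), so a client that sends only some of its intermediates would keep failing validation. Rather than switching between the supplied chain and the stores, consider giving the engine the supplied certificates as extra candidates while it still builds from the stores, so the empty, partial and full cases all go through one path. The planned testing covers chain-less and chain; a partial-chain case should be added before the bug is closed.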
