[Mono-bugs] [Bug 545015] New: Gmail pop ssl certificate is rejected

Wed Oct 7 11:14:29 EDT 2009

http://bugzilla.novell.com/show_bug.cgi?id=545015

           Summary: Gmail pop ssl certificate is rejected
    Classification: Mono
           Product: Mono: Class Libraries
           Version: 2.4.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Mono.Security
        AssignedTo: spouliot at novell.com
        ReportedBy: tedu at fogcreek.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---

Created an attachment (id=321507)
 --> (http://bugzilla.novell.com/attachment.cgi?id=321507)
tries to connect to pop.gmail.com

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12)
Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12

The
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.checkCertificateUsage
function rejects the SSL cert used by pop.gmail.com as being unworthy of a
server cert.  I'm not an expert in X509 standards, but multiple independent TLS
implementations are willing to accept this certificate as valid for a server,
so it seems mono is wrong here.

Reproducible: Always

Steps to Reproduce:
See attached.
Actual Results:  
Invalid certificate received from server.

Expected Results:  
No error.

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.