[Mono-bugs] [Bug 635646] New: Gmail pop ssl certificate is rejected
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Mon Aug 30 16:50:06 EDT 2010
https://bugzilla.novell.com/show_bug.cgi?id=635646
https://bugzilla.novell.com/show_bug.cgi?id=635646#c0
Summary: Gmail pop ssl certificate is rejected
Classification: Mono
Product: Mono: Class Libraries
Version: 2.6.x
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Mono.Security
AssignedTo: spouliot at novell.com
ReportedBy: mfarver at mindbent.org
QAContact: mono-bugs at lists.ximian.com
CC: tedu at fogcreek.com
Depends on: 545015
Found By: ---
Blocker: ---
+++ This bug was initially created as a clone of Bug #545015 +++
Created an attachment (id=321507)
--> (http://bugzilla.novell.com/attachment.cgi?id=321507)
tries to connect to pop.gmail.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12)
Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12
The
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.checkCertificateUsage
function rejects the SSL cert used by pop.gmail.com as being unworthy of a
server cert. I'm not an expert in X509 standards, but multiple independent TLS
implementations are willing to accept this certificate as valid for a server,
so it seems mono is wrong here.
This bug is marked fixed, but still appears to occur in 2.6.7.
--------------------------------------------
$ certmgr -ssl https://pop.gmail.com:995
Mono Certificate Manager - version 2.6.7.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD
licensed.
X.509 Certificate v3
Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Issued to: C=US, O=Google Inc, CN=Google Internet Authority
Valid from: 6/8/2009 3:43:27 PM
Valid until: 6/7/2013 2:43:27 PM
*** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.
X.509 Certificate v3
Issued from: C=US, O=Google Inc, CN=Google Internet Authority
Issued to: C=US, S=California, L=Mountain View, O=Google Inc,
CN=pop.gmail.com
Valid from: 4/22/2010 3:11:23 PM
Valid until: 4/22/2011 3:21:23 PM
This certificate is already in the AddressBook store.
No certificate were added to the stores.
--------------------------------------------
In also occurs using https://sdb.amazonaws.com
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list