[Mono-bugs] [Bug 584050] New: ServerCertificateValidationCallback receives wrong certificate chain

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Sat Feb 27 15:52:11 EST 2010


http://bugzilla.novell.com/show_bug.cgi?id=584050

http://bugzilla.novell.com/show_bug.cgi?id=584050#c0


           Summary: ServerCertificateValidationCallback receives wrong
                    certificate chain
    Classification: Mono
           Product: Mono: Class Libraries
           Version: unspecified
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: System
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: miguel at novell.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---


To allow the user to plug his authentication system for server certificates, we
need to provide a valid X509Chain.  Instead we provide an empty chain that only
contains the leaf certificate to our callback routines.

The following sample should be printing "Chain: 3", but in Mono it prints
"Chain: 1".   This is printed regardless of having or not having the mozroot
certificates.

This is problematic, as this is what is required on the iPhone to use the
system certificates, but we do need to provide the chain to the Apple APIs to
be able to get a valid answer from SecTrustEvaluate.

using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;

public class Program {

    // Prints the policy errors and the number of chain elements the runtime
    // passes to the callback.
    public static bool CheckValidationResult (object sender, X509Certificate cert,
                                              X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine ("Error: {0}", errors);
        Console.WriteLine ("Chain: {0}", chain.ChainElements.Count);

        // Accepts unconditionally: this sample only reports what it receives.
        return true;
    }

    static void Main ()
    {
        ServicePointManager.ServerCertificateValidationCallback = CheckValidationResult;

        HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create ("https://gmail.com");
        request.GetResponse ();
    }
}

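Added example, not part of the original report and not Mono's own code: a validation callback that fails closed when it is handed only the leaf certificate (the symptom described in this report) by rebuilding the chain from the leaf against the local trust store. The class name StrictValidation is hypothetical; the URL is the one from the report's sample.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical class name, used only for this added example.
public static class StrictValidation {

    // True only if the runtime reported no policy errors and the chain
    // (as passed in, or rebuilt from the leaf) carries no error status.
    public static bool Validate (object sender, X509Certificate cert,
                                 X509Chain chain, SslPolicyErrors errors)
    {
        if (cert == null || errors != SslPolicyErrors.None)
            return false;

        // Only the leaf was supplied: do not treat that as a verified path.
        // Rebuild from the leaf; Build() returns false if no valid path to
        // a trusted root exists in the local stores.
        if (chain == null || chain.ChainElements.Count < 2) {
            chain = new X509Chain ();
            if (!chain.Build (new X509Certificate2 (cert)))
                return false;
        }

        // Reject on any recorded chain status other than NoError.
        foreach (X509ChainStatus status in chain.ChainStatus) {
            if (status.Status != X509ChainStatusFlags.NoError) {
                Console.WriteLine ("Rejected: {0}", status.Status);
                return false;
            }
        }

        Console.WriteLine ("Accepted, chain length {0}",
                           chain.ChainElements.Count);
        return true;
    }

    static void Main ()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;

        HttpWebRequest request =
            (HttpWebRequest)WebRequest.Create ("https://gmail.com");
        using (WebResponse response = request.GetResponse ()) {
            Console.WriteLine ("Request completed");
        }
    }
}
```

On a runtime with the behaviour reported here, the rebuild succeeds only if the intermediates are already in the local certificate stores; otherwise the connection is refused rather than accepted on the leaf alone.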