[Mono-dev] [PATCH] Bug in X509Chain?
Vincent Cote-Roy
vincentcr at netmosphere.net
Wed Dec 7 21:44:40 EST 2005
Hi,
I'm using the Ssl*Stream classes in Mono.Security for a custom TLS
client/server. I want to force the client to supply a cert and have the
server validate it. From what I can gather, X509Chain will validate a
certificate if (among other things) it finds its root cert among the
TrustAnchors list, which is initialized with
X509StoreManager.TrustedRootCertificates. So before starting the server
I will add my root CA to this list with
X509StoreManager.CurrentUser.TrustedRoot.Certificates.Add. But my client
cert still fails validation with X509ChainStatusFlags.PartialChain. This
is not supposed to happen, right?
When stepping into the X509Chain.Build method (as called by
Mono.[bla].Server.TlsClientCertificate.checkCertificateUsage), I noticed
that when:

    _root = FindCertificateRoot (tmp);

is called, tmp is always null. I think that's wrong, no? When I run the
code again with my patch (see attach.) applied, validation succeeds.
Cheers,
Vincent
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: X509Chain.cs.diff.txt
Url: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20051207/f9022e1f/attachment.txt
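
The trust-anchor behaviour the message describes (a chain that cannot be tied to a trusted root is reported as PartialChain) can be reproduced with the following added example, which is not part of the original post or of Mono's code. It assumes .NET 5 or later and uses System.Security.Cryptography.X509Certificates.X509Chain rather than the Mono.Security X509Chain discussed above; the class name, subject names and serial number are constructed for the demonstration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TrustAnchorDemo
{
    // Builds a chain for `leaf`, trusting only `anchor` (or nothing when null).
    static X509ChainStatusFlags Validate(X509Certificate2 leaf, X509Certificate2 anchor)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;    // test CA publishes no CRL
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; // ignore system roots
        if (anchor != null)
            chain.ChainPolicy.CustomTrustStore.Add(anchor);
        chain.Build(leaf);
        // Fold the per-problem status entries into a single flags value.
        return chain.ChainStatus.Aggregate(X509ChainStatusFlags.NoError, (acc, s) => acc | s.Status);
    }

    static void Main()
    {
        var now = DateTimeOffset.UtcNow;

        // Constructed self-signed root CA (test data only).
        using var caKey = RSA.Create(2048);
        var caReq = new CertificateRequest("CN=Constructed Test Root", caKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        caReq.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign, true));
        using var root = caReq.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));

        // Constructed client certificate issued by that root.
        using var clientKey = RSA.Create(2048);
        var clientReq = new CertificateRequest("CN=Constructed Test Client", clientKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var client = clientReq.Create(root, now.AddHours(-1), now.AddDays(7),
            new byte[] { 0x01, 0x02, 0x03, 0x04 });

        // Same client certificate, validated without and with the root as trust anchor.
        Console.WriteLine("root not in trust store: " + Validate(client, null));
        Console.WriteLine("root in trust store:     " + Validate(client, root));
    }
}
```

A server that requires client certificates should accept the connection only when the returned value is exactly NoError.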