[Mono-dev] [PATCH] Bug in X509Chain?
vincentcr at netmosphere.net
Wed Dec 7 21:44:40 EST 2005
I'm using the Ssl*Stream classes in Mono.Security for a custom TLS
client/server. I want to force the client to supply a cert and have the
server validate it. From what I can gather, X509Chain will validate a
certificate if (among other things) it finds its root cert among the
TrustAnchors list, which is initialized with
X509StoreManager.TrustedRootCertificates. So before starting the server
I will add my root CA to this list with
X509StoreManager.CurrentUser.TrustedRoot.Certificates.Add. But my client
cert still fails validation with X509ChainStatusFlags.PartialChain. This
is not supposed to happen, right?
When stepping into the X509Chain.Build method (as called by
Mono.[bla].Server.TlsClientCertificate.checkCertificateUsage), I noticed
that when
_root = FindCertificateRoot (tmp);
is called, tmp is always null. I think that's wrong, no? When I run the
code again with my patch (see attach.) applied, validation succeeds.