[Mono-dev] [PATCH] Bug in X509Chain?

Vincent Cote-Roy vincentcr at netmosphere.net
Wed Dec 7 21:44:40 EST 2005


I'm using the Ssl*Stream classes in Mono.Security for a custom tls 
client/server. I want to force the client to supply a cert and have the 
server validate it. From what I can gather, X509Chain will validate a 
certificate if (among other things) it finds its root cert among the 
TrustAnchors list, which is initialized with 
X509StoreManager.TrustedRootCertificates. So before starting the server 
I will add my root CA to this list with 
X509StoreManager.CurrentUser.TrustedRoot.Certificates.Add. But my client 
cert still fails validation with X509ChainStatusFlags.PartialChain. This 
is not supposed to happen, right?

When stepping into the X509Chain.Build method (as called by 
Mono.[bla].Server.TlsClientCertificate.checkCertificateUsage), I noticed 
that when:

_root = FindCertificateRoot (tmp);

is called, tmp is always null. I think that's wrong, no? When I run the 
code again with my patch (see attach.) applied, validation succeeds.



-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: X509Chain.cs.diff.txt
Url: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20051207/f9022e1f/attachment.txt 

More information about the Mono-devel-list mailing list