[Mono-devel-list] two questions about Mono.Security.dll

Sebastien Pouliot spouliot at videotron.ca
Sat Jul 2 11:47:47 EDT 2005

Hello Liu,

> I am very interested in the SSL/TLS function of
> Novell.Directory.Ldap.dll and
> Mono.Security.dll. I have built the Novell CsharpLDAP's sample source
> StartTLS.cs with mono1.1.8's Novell.Directory.Ldap.dll Mono.Security.dll
> on Windows to do some test. And i found two problems about
> Mono.Security.dll.
> <1.> The sample code can't work correctly. it always output 91
> error like follows.
> So i downloaded the Mono.Security.dll's source from
> http://svn.myrealbox.com/viewcvs/trunk/mcs/class/Mono.Security/
> to rebuild
> the Mono.Security.dll. This sample code can work correctly with this
> Mono.Security.dll. it seems that this problem was resolved in the
> new sources.
> Will mono1.1.9 contain this change and when mono1.1.9 will be released ?

Yes it should (i.e. unless it cause a regression elsewhere) be in 1.1.9 but
it problably won't be in any 1.1.8.x micro releases.

Could you provide more details about the problem you encountered ? That
would help ensure the feature doesn't get broken later.

Did you try any Mono release before 1.1.8 ? If so was it working ? (i.e. is
it a regression ?)

The only fixed case I can think of is if you're using Active Directory
(which requires optional mutual authentication to works).

> <2.> I made a new root certificate and a new server certificate,
> then did a test
> using the above sample code, but i got
> error, but the next day, i used the same certificate to do the
> test, it successed.
> I think it should be a bug about Valid time check. I debuged it
> and found the
> reason. the reason is that ValidFrom and ValidUntil were local time, and
> current time was UTC time.
> There are two method to fix this problem, the one is modify
> ASN1Convert::ToDateTime
> function, changing return value to UTC time, the other one is
> just moidify
> X509Certificate::Parse function, changing m_from and m_until to UTC time.
> Which one it better? If there are same problem in other place where the
> ASN1Convert::ToDateTime be called, the first one maybe better, i think.

Yes it is. ASN.1 encoded dates are stored in UTC format. Thanks for spotting
I'll be fixing this ASAP (i.e. it should also be in 1.1.9).


Sebastien Pouliot
home: spouliot at videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html

More information about the Mono-devel-list mailing list