[Mono-devel-list] two questions about Mono.Security.dll

Sebastien Pouliot spouliot at videotron.ca
Sat Jul 2 11:47:47 EDT 2005


Hello Liu,

> I am very interested in the SSL/TLS function of
> Novell.Directory.Ldap.dll and Mono.Security.dll. I have built the
> Novell CsharpLDAP sample source StartTLS.cs with mono1.1.8's
> Novell.Directory.Ldap.dll and Mono.Security.dll on Windows to do some
> tests, and I found two problems with Mono.Security.dll.
>
> <1.> The sample code can't work correctly. It always outputs a 91
> error as follows.
> So I downloaded the Mono.Security.dll source from
> http://svn.myrealbox.com/viewcvs/trunk/mcs/class/Mono.Security/
> to rebuild Mono.Security.dll. This sample code works correctly with
> this Mono.Security.dll. It seems that this problem was resolved in the
> new sources.
>
> Will mono1.1.9 contain this change, and when will mono1.1.9 be released?

Yes it should (i.e. unless it causes a regression elsewhere) be in 1.1.9 but
it probably won't be in any 1.1.8.x micro releases.

Could you provide more details about the problem you encountered? That
would help ensure the feature doesn't get broken later.

Did you try any Mono release before 1.1.8? If so, was it working? (i.e. is
it a regression?)

The only fixed case I can think of is if you're using Active Directory
(which requires optional mutual authentication to work).

> <2.> I made a new root certificate and a new server certificate,
> then did a test using the above sample code, but I got a
> -2146762494 (CERT_E_VALIDITYPERIODNESTING) error. The next day, I used
> the same certificate to do the test, and it succeeded.
> I think it should be a bug in the valid time check. I debugged it
> and found the reason. The reason is that ValidFrom and ValidUntil were
> local time, and current time was UTC time.
>
> There are two methods to fix this problem. One is to modify the
> ASN1Convert::ToDateTime function, changing the return value to UTC time;
> the other is to just modify the X509Certificate::Parse function,
> changing m_from and m_until to UTC time.
> Which one is better? If there is the same problem in other places where
> ASN1Convert::ToDateTime is called, the first one may be better, I think.

Yes it is. ASN.1 encoded dates are stored in UTC format. Thanks for spotting
this.
I'll be fixing this ASAP (i.e. it should also be in 1.1.9).

Thanks

Sebastien Pouliot
home: spouliot at videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html
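
The failure mode from point <2.>, as an added example that is not part of the original message and is not Mono's own code: validity dates shifted to local wall-clock time are compared against a UTC clock, so a freshly issued certificate is rejected until the clock passes the offset. The helper names, the UTC+8 offset and the dates are constructed for illustration.

```csharp
using System;
using System.Globalization;

static class Asn1TimeDemo
{
    // Parse an ASN.1 UTCTime string in the YYMMDDhhmmssZ form used in
    // certificates and return a DateTime whose Kind is Utc.
    public static DateTime ParseUtcTime(string s)
    {
        if (s == null || s.Length != 13 || s[12] != 'Z')
            throw new FormatException("expected YYMMDDhhmmssZ");
        // RFC 5280 pivot: YY >= 50 means 19YY, otherwise 20YY.
        int yy = int.Parse(s.Substring(0, 2), CultureInfo.InvariantCulture);
        string full = (yy >= 50 ? "19" : "20") + s.Substring(0, 12);
        return DateTime.ParseExact(full, "yyyyMMddHHmmss", CultureInfo.InvariantCulture,
            DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal);
    }

    // Hypothetical buggy variant: shifts the value into a local zone and drops
    // the zone information, leaving a bare local wall-clock value.
    public static DateTime ParseAsLocalWallClock(string s, TimeSpan localOffset)
    {
        return DateTime.SpecifyKind(ParseUtcTime(s) + localOffset, DateTimeKind.Unspecified);
    }

    // DateTime comparison looks only at ticks and ignores Kind, so mixing
    // local and UTC values here gives no error, just a wrong answer.
    public static bool IsCurrent(DateTime notBefore, DateTime notAfter, DateTime nowUtc)
    {
        return nowUtc >= notBefore && nowUtc <= notAfter;
    }

    static void Main()
    {
        // Constructed sample: certificate issued 2005-07-02 02:00:00 UTC and
        // checked on a machine at UTC+8, 30 minutes later and again a day later.
        string notBefore = "050702020000Z", notAfter = "060702020000Z";
        TimeSpan offset = TimeSpan.FromHours(8);
        DateTime sameDay = new DateTime(2005, 7, 2, 2, 30, 0, DateTimeKind.Utc);
        foreach (DateTime now in new[] { sameDay, sameDay.AddDays(1) })
        {
            bool mixed = IsCurrent(ParseAsLocalWallClock(notBefore, offset),
                                   ParseAsLocalWallClock(notAfter, offset), now);
            bool utc = IsCurrent(ParseUtcTime(notBefore), ParseUtcTime(notAfter), now);
            Console.WriteLine("{0:u}  local fields vs UTC clock: {1}  UTC fields vs UTC clock: {2}",
                now, mixed, utc);
        }
    }
}
```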



