[Mono-dev] Bug with Ssl cert validation

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue Mar 18 11:52:21 UTC 2014


On Tue, Mar 18, 2014 at 6:33 AM, Edward Ned Harvey (mono) <edward.harvey.mono at clevertrove.com> wrote:

> > From: Sebastien Pouliot [mailto:sebastien.pouliot at gmail.com]
> >
> >> var mySslStream = new SslStream (client.GetStream(), false,
> >>     ValidateServerCertificate);
> >
> > if you read the source [1] (or look at the API compatibility page [2]) you'll see
> > that this .ctor is decorated with
> >
> > [MonoTODO ("userCertificateValidationCallback is not passed X509Chain and
> > SslPolicyErrors correctly")]
> >
> > Changing it to
> >
> > var mySslStream = new SslStream (client.GetStream(), false);
> >
> > *and* having run `mozroots` will work.
>
> Thank you for this information, but it causes me an equally significant
> problem.  I need to accept the server cert if it passes validation with
> mozroots, but if that fails, then I need to get user input to determine if
> they'll accept the cert.
>
> I guess the best way to do this will be to first create the SslStream and
> AuthenticateAsClient, and simply wait to see if it succeeds.  If it fails,
> then throw it away, create a new SslStream with
> RemoteCertificateValidationCallback, and ignore the X509Chain and
> SslPolicyErrors, just simply present the certificate to user.
>
> Any better ideas?
>

Contribute! :-)


>
> Thanks again, for your very prompt and helpful response.   :-)
>
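
The two-pass fallback described in the quoted message, sketched as an added example (not code from the thread or from Mono). `TwoPassTls`, `AskUser` and the per-host approval table are hypothetical names, and which exception type a failed validation raises is an assumption; the approval is bound to the certificate hash so a later, different certificate is not silently accepted.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
static class TwoPassTls
{
    // Hypothetical UI hook: show the certificate to the user, return true if accepted.
    public static Func<X509Certificate, bool> AskUser = cert => false;
    // Host -> hash of the certificate the user accepted for that host.
    static readonly Dictionary<string, string> approved = new Dictionary<string, string> ();

    public static SslStream Connect (string host, int port)
    {
        // Pass 1: no callback, so the runtime's own validation (trust store) decides.
        SslStream ssl = Handshake (host, port, null);
        if (ssl != null) return ssl;
        // Pass 2: fresh connection. Chain and policy errors are ignored, as in the
        // message above; only the certificate itself is judged.
        ssl = Handshake (host, port, (sender, cert, chain, errors) => {
            if (cert == null) return false;
            string hash = cert.GetCertHashString (), known;
            if (!approved.TryGetValue (host, out known) && AskUser (cert))
                approved [host] = known = hash;
            // A certificate that differs from the approved one is refused, not re-prompted.
            return hash == known;
        });
        if (ssl == null)
            throw new AuthenticationException ("Server certificate rejected for " + host);
        return ssl;
    }

    static SslStream Handshake (string host, int port, RemoteCertificateValidationCallback cb)
    {
        var client = new TcpClient (host, port);
        var ssl = cb == null ? new SslStream (client.GetStream (), false)
                             : new SslStream (client.GetStream (), false, cb);
        try {
            ssl.AuthenticateAsClient (host);
            return ssl;
        } catch (Exception e) {
            client.Close ();
            // Assumption: a failed validation surfaces as AuthenticationException or IOException.
            if (!(e is AuthenticationException) && !(e is IOException))
                throw;
            return null;
        }
    }
}
```

Because the prompt runs inside the validation callback, nothing is sent over the second connection until the user has accepted the certificate.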