[Mono-dev] Bug with Ssl cert validation
bryan.crotaz at silvercurve.co.uk
Tue Mar 18 11:57:18 UTC 2014
I'd love to contribute, but I have now spent several days trying and
failing to compile Mono for Visual Studio so that I can fix bugs in the C#
libraries. If someone could write a VS2010 solution that can be used to
debug Mono, that would help hundreds of devs like me who just want to fix
their favourite bug.
On 18 March 2014 11:52, Sebastien Pouliot <sebastien.pouliot at gmail.com>wrote:
> On Tue, Mar 18, 2014 at 6:33 AM, Edward Ned Harvey (mono) <
> edward.harvey.mono at clevertrove.com> wrote:
>> > From: Sebastien Pouliot [mailto:sebastien.pouliot at gmail.com]
>> >> var mySslStream = new SslStream
>> (client.GetStream(), false,
>> >> ValidateServerCertificate);
>> > if you read the source  (or look at the API compatibility page )
>> you'll see
>> > that this .ctor is decorated with
>> [MonoTODO ("userCertificateValidationCallback is not passed X509Chain and
>> > SslPolicyErrors correctly")]
>> > Changing it to
>> > var mySslStream = new SslStream (client.GetStream(), false);
>> > *and* having run `mozroots` will work.
>> Thank you for this information, but it causes me an equally significant
>> problem. I need to accept the server cert if it passes validation with
>> mozroots, but if that fails, then I need to get user input to determine if
>> they'll accept the cert.
>> I guess the best way to do this will be to first create the SslStream and
>> AuthenticateAsClient, and simply wait to see if it succeeds. If it fails,
>> then throw it away, create a new SslStream with
>> RemoteCertificateValidationCallback, and ignore the X509Chain and
>> SslPolicyErrors, just simply present the certificate to user.
>> Any better ideas?
> Contribute! :-)
>> Thanks again, for your very prompt and helpful response. :-)
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mono-devel-list