[Mono-list] Preview 2.6.6

Sebastien Pouliot sebastien.pouliot at gmail.com
Mon Jul 12 13:43:46 EDT 2010 

On Sat, 2010-07-10 at 13:44 -0400, Abe Gillespie wrote:
> sberryman, Jan,
> 
> Thanks for the help, guys.  I did try this as I've used this
> work-around before and I *thought* it wasn't working as well.  But I
> just had another try and it worked fine.
> 
> Now, is there a safe way to implement this work-around? 

Not really - otherwise there would be no gain (just pain) in verifying
the certificate chain ;-)

>  I'm not much
> of a security wonk, so what can I check in the cert to accept only
> Google's?  I see properties like Issuer, Thumbprint, and
> GetRawCertData.  

> Can I use any of these to verify, or at least do
> slightly more than "return true" for all certs?

You can check the thumbprint (it's a hash) but that will stop working
when Google updates its certificate or if it use more than one
certificate (e.g. on different servers).

Now (from the bug report) it looks like you have permission issues when
executing code from apache (likely it can't read the certificates). See
my comment there...

> Thanks.
> -Abe
> 
> On Fri, Jul 9, 2010 at 10:06 PM, sberryman <shaun at golfsigma.com> wrote:
> >
> > You could always use the ServicePointManager to accept all SSL certs.
> > Security risk but I've used it in the past when I've had problems with Mono
> > and SSL certs.
> >
> > Simply add the following delegate before you send the email.
> >
> > ServicePointManager.ServerCertificateValidationCallback = delegate(object
> > sender, System.Security.Cryptography.X509Certificates.X509Certificate
> > certificate, System.Security.Cryptography.X509Certificates.X509Chain chain,
> > System.Net.Security.SslPolicyErrors sslPolicyErrors)
> > {
> >     return true;
> > };
> >
> > --
> > View this message in context: http://mono.1490590.n4.nabble.com/Preview-2-6-6-tp2279971p2284277.html
> > Sent from the Mono - General mailing list archive at Nabble.com.
> > _______________________________________________
> > Mono-list maillist  -  Mono-list at lists.ximian.com
> > http://lists.ximian.com/mailman/listinfo/mono-list
> >
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list

More information about the Mono-list mailing list