[Mono-dev] Bug with Ssl cert validation
sebastien.pouliot at gmail.com
Tue Mar 18 11:52:21 UTC 2014
On Tue, Mar 18, 2014 at 6:33 AM, Edward Ned Harvey (mono) <
edward.harvey.mono at clevertrove.com> wrote:
> > From: Sebastien Pouliot [mailto:sebastien.pouliot at gmail.com]
> >> var mySslStream = new SslStream (client.GetStream(), false, ValidateServerCertificate);
> > if you read the source (or look at the API compatibility page) you'll see
> > that this .ctor is decorated with
> > [MonoTODO ("userCertificateValidationCallback is not passed X509Chain and SslPolicyErrors correctly")]
> > Changing it to
> > var mySslStream = new SslStream (client.GetStream(), false);
> > *and* having run `mozroots` will work.
> Thank you for this information, but it causes me an equally significant
> problem. I need to accept the server cert if it passes validation with
> mozroots, but if that fails, then I need to get user input to determine if
> they'll accept the cert.
> I guess the best way to do this will be to first create the SslStream and
> AuthenticateAsClient, and simply wait to see if it succeeds. If it fails,
> then throw it away, create a new SslStream with
> RemoteCertificateValidationCallback, and ignore the X509Chain and
> SslPolicyErrors, just simply present the certificate to user.
> Any better ideas?
> Thanks again, for your very prompt and helpful response. :-)
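
The two-pass fallback described in the quoted message, as an added example (not code from this thread or from Mono). It goes one step further than the message by binding the user's decision to the SHA-256 fingerprint of the exact certificate shown, since the chain and policy errors are ignored in the second pass. `FallbackTls`, `Connect`, `Approved` and the `askUser` hook are hypothetical names, and the exception types caught for a failed validation are an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class FallbackTls
{
    // SHA-256 fingerprints the user has explicitly accepted (persist these in a real client).
    static readonly HashSet<string> Approved = new HashSet<string>();
    static string Fingerprint(X509Certificate cert)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData()));
    }
    // askUser is a hypothetical UI hook: show the certificate, return true only on explicit accept.
    public static SslStream Connect(string host, int port, Func<X509Certificate, bool> askUser)
    {
        var client = new TcpClient(host, port);
        try
        {
            // Pass 1: no callback, so the runtime's own validation (trusted root store) decides.
            var strict = new SslStream(client.GetStream(), false);
            strict.AuthenticateAsClient(host);
            return strict;
        }
        // Assumption: a failed validation surfaces as one of these two exception types.
        catch (AuthenticationException) { client.Close(); }
        catch (IOException) { client.Close(); }
        // Pass 2: fresh connection. Chain and errors are ignored, as in the message above,
        // so trust rests only on the exact certificate bytes the user approved.
        client = new TcpClient(host, port);
        var pinned = new SslStream(client.GetStream(), false, (sender, cert, chain, errors) =>
        {
            if (cert == null) return false;
            var fp = Fingerprint(cert);
            // Accept a previously approved fingerprint, or one the user approves now.
            return Approved.Contains(fp) || (askUser(cert) && Approved.Add(fp));
        });
        pinned.AuthenticateAsClient(host);
        return pinned;
    }
}
```

Because pass 2 opens a new connection, the callback re-checks the certificate actually presented on that connection rather than relying on anything seen during pass 1.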