Most frequent SecureSocket problem  
by Mentalis.org Team [pieter at mentalis dot org]
posted on 2003/08/09

We often get emailed by users of the Security Library about an exception that the SecureSocket class throws right after it is connected to a remote host. The cause of this exception is usually a problem with the verification of the server certificate.

Many users set the CredentialVerification of the SecureSocket to Auto. This means that the SecureSocket will automatically verify the peer certificate, and if the verification is unsuccessful it will close the connection and throw an exception. This is the origin of the exception that many users are seeing.

Certificate validation can fail for several reasons, but here are the two most common causes:
- UntrustedRoot: the root certificate that signed the server certificate is not trusted on this computer.
- NoCNMatch: the canonical name does not match the name on the certificate.

We recommend using the Manual CredentialVerification type in your applications. This requires somewhat more code, but it allows you to differentiate between different cases of certificate validation failures.
CredentialVerification.Auto can be used if you're sure that the server will always send a valid certificate (the common name is correct, the root CA of the certificate is trusted and the certificate is not expired).
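A sketch of the Manual approach recommended above, added here as an example and not code from the Mentalis.org team: the verifier callback reports which check failed and still rejects the connection in every failure case. The host name is a placeholder, and the `SecurityOptions` properties, the `CertVerifyEventHandler` signature and `CertificateChain.VerifyChain` are written from memory of the Security Library's API, so treat them as assumptions to check against the version you use.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using Org.Mentalis.Security.Certificates;
using Org.Mentalis.Security.Ssl;

class ManualVerificationExample {
    const string Host = "www.example.com"; // placeholder host (assumption)

    static void Main() {
        SecurityOptions options = new SecurityOptions(SecureProtocol.Tls1);
        options.Entity = ConnectionEnd.Client;
        options.CommonName = Host; // name the server certificate must carry
        options.VerificationType = CredentialVerification.Manual;
        options.Verifier = new CertVerifyEventHandler(OnVerify);

        IPAddress address = Dns.GetHostEntry(Host).AddressList[0];
        SecureSocket socket = new SecureSocket(address.AddressFamily,
            SocketType.Stream, ProtocolType.Tcp, options);
        try {
            socket.Connect(new IPEndPoint(address, 443));
            Console.WriteLine("Connected; server certificate accepted.");
        } catch (Exception ex) {
            // A rejected certificate ends the connection with an exception.
            Console.WriteLine("Connection failed: " + ex.Message);
        } finally {
            socket.Close();
        }
    }

    // Called by the library during the handshake instead of the Auto check.
    static void OnVerify(SecureSocket socket, Certificate remote,
                         CertificateChain chain, VerifyEventArgs e) {
        CertificateStatus status = chain.VerifyChain(Host, AuthType.Server);
        switch (status) {
            case CertificateStatus.ValidCertificate:
                e.Valid = true;
                return;
            case CertificateStatus.UntrustedRoot:
                Console.WriteLine("Rejected: root CA is not trusted on this computer.");
                break;
            case CertificateStatus.NoCNMatch:
                Console.WriteLine("Rejected: certificate name does not match " + Host + ".");
                break;
            default:
                Console.WriteLine("Rejected: " + status);
                break;
        }
        e.Valid = false; // every failure still refuses the connection
    }
}
```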

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/