News  [SoftwareSite

Latest News
Older News
RSS Feed
 
Complete Projects
Useful Classes
Top Downloads
Message Board
AllAPI.net
 
Send Comments
Software License
Mentalis.org Buttons
Donate
 
Forums -> Security Library Forum
 
CertificateChain.GetCertificates problem with addtional certificates  
by Ben Rampling
posted on 2005/06/14

I think I've found a problem with GetCertificates in CertificateChain:

I have an application where I use the "additional" argument of the CertificateChain constructor to include an intermediate CA that is not in the registry certificate stores. The chain I expect is:

CA (In registry) -> SubCA (Loaded as a file) -> ClientCert (From browser)

The verification succeeds because Windows builds the chain correctly, but the GetCertificates method rebuilds a chain that can be different from the one Windows SSPI used for verification(!). In my application, it does not use the additional certificate store when building the chain. This prevents additional verification of the chain. :(

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/
Send comments to the webmaster.