diff options
author | Gonzalo Paniagua Javier <gonzalo.mono@gmail.com> | 2010-04-08 18:30:31 +0400 |
---|---|---|
committer | Gonzalo Paniagua Javier <gonzalo.mono@gmail.com> | 2010-04-08 18:30:31 +0400 |
commit | 2d8eb21f63f9e7873315b51e4ecab538695c4d83 (patch) | |
tree | 9df6b33a8606c0d9bdf22753e1e0e31673257dec /mcs | |
parent | 506b0f407508f377947e4f68cea97bb7eede7683 (diff) |
2010-04-08 Gonzalo Paniagua Javier <gonzalo@novell.com>
* ServicePointManager.cs: obtain the SubjectAltName extension the
right way. Fixes bug #594110.
svn path=/branches/mono-2-6/mcs/; revision=155050
Diffstat (limited to 'mcs')
-rw-r--r-- | mcs/class/System/System.Net/ChangeLog | 5 | ||||
-rw-r--r-- | mcs/class/System/System.Net/ServicePointManager.cs | 11 |
2 files changed, 10 insertions, 6 deletions
diff --git a/mcs/class/System/System.Net/ChangeLog b/mcs/class/System/System.Net/ChangeLog index 14bd22ea129..54835ce7be9 100644 --- a/mcs/class/System/System.Net/ChangeLog +++ b/mcs/class/System/System.Net/ChangeLog @@ -1,3 +1,8 @@ +2010-04-08 Gonzalo Paniagua Javier <gonzalo@novell.com> + + * ServicePointManager.cs: obtain the SubjectAltName extension the + right way. Fixes bug #594110. + 2010-03-26 Gonzalo Paniagua Javier <gonzalo@novell.com> * ServicePointManager.cs: errors parsing the certificate don't prevent diff --git a/mcs/class/System/System.Net/ServicePointManager.cs b/mcs/class/System/System.Net/ServicePointManager.cs index 8a18f8c33b8..cf481194d10 100644 --- a/mcs/class/System/System.Net/ServicePointManager.cs +++ b/mcs/class/System/System.Net/ServicePointManager.cs @@ -437,7 +437,7 @@ namespace System.Net status11 = -2146762490; //CERT_E_PURPOSE 0x800B0106 } - if (!CheckServerIdentity (leaf, Host)) { + if (!CheckServerIdentity (certs [0], Host)) { errors |= SslPolicyErrors.RemoteCertificateNameMismatch; status11 = -2146762481; // CERT_E_CN_NO_MATCH 0x800B010F } @@ -618,14 +618,13 @@ namespace System.Net // 2.1. exact match is required // 3. Use of the most specific Common Name (CN=) in the Subject // 3.1 Existing practice but DEPRECATED - static bool CheckServerIdentity (X509Certificate2 cert, string targetHost) + static bool CheckServerIdentity (Mono.Security.X509.X509Certificate cert, string targetHost) { try { - X509Extension ext = cert.Extensions ["2.5.29.17"]; + Mono.Security.X509.X509Extension ext = cert.Extensions ["2.5.29.17"]; // 1. subjectAltName if (ext != null) { - ASN1 asn = new ASN1 (ext.RawData); - SubjectAltNameExtension subjectAltName = new SubjectAltNameExtension (asn); + SubjectAltNameExtension subjectAltName = new SubjectAltNameExtension (ext); // 1.1 - multiple dNSName foreach (string dns in subjectAltName.DNSNames) { // 1.2 TODO - wildcard support @@ -640,7 +639,7 @@ namespace System.Net } } // 3. Common Name (CN=) - return CheckDomainName (cert.SubjectName.Format (false), targetHost); + return CheckDomainName (cert.SubjectName, targetHost); } catch (Exception e) { Console.Error.WriteLine ("ERROR processing certificate: {0}", e); Console.Error.WriteLine ("Please, report this problem to the Mono team"); |