On Feb 1, 12:45 am, Robert Relyea <rrel...@redhat.com> wrote:
> If I were you, I'd double check my byte compare code in B. Try
> connecting to A with one cert and to B with another and make sure it
> fails. In our previous example, you clearly had a mangled version of
> certificate C sent to be, but you indicated that B accepted C's real
> cert as equal. That tells me you may not be doing your compare correctly.

Thank you, but the byte compare is fine. It was working because I was comparing two re-encoded certs: A re-encoded C's cert and sent it to B, and when B accepted the connection from C, it also re-encoded the cert, and they matched because both A and B were doing the re-encoding the same way. Also when I fixed A to send B the real cert and left B to compare it against the re-encoded cert, the compare failed, which proves that it's comparing fine.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto