Dear Michael, Fortunatly I can working with 5.3.2 thus I can wait for the newer version. I am grateful to you for finding out what is causing the problem, because I am near to a project dead line thus I do not have spare time for it.
Thanks a lot, Attila. Idézet (mkl <[email protected]>): > Bruno, Attila, > > there indeed is a bug in CertificateVerification.VerifyCertificate in > iTextSharp. > > In Java there is a test cert.hasUnsupportedCriticalExtension in that method, > and only if that test fails, there is an explicit second test whether the > cert has a specific selection of critical extensions which has been > discovered to falsely fail the hasUnsupportedCriticalExtension test in some > LTV scenario. > > In C# that explicit test in 5.3.3 is now executed always (most likely there > is no equivalent to hasUnsupportedCriticalExtension there), i.e. only the > special case tested for and any case with even less critical extensions is > accepted. And this is wrong, there are many other supported critical > extensions. > > 1T3XT BVBA wrote >> I'm not sure if we really need to test for extensions. > > Well, a serious verification component must check critical extensions, cf. > the RFCs: > > RFC 3280, 5280 wrote >> A certificate using system MUST reject the certificate if it encounters a >> critical extension it does not recognize; however, a non-critical >> extension MAY be ignored if it is not recognized. > > Regards, Michael > > > > -- > View this message in context: > http://itext-general.2136553.n4.nabble.com/iText-5-3-signature-verification-tp4656646p4656656.html > Sent from the iText - General mailing list archive at Nabble.com. > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > _______________________________________________ > iText-questions mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/itext-questions > > iText(R) is a registered trademark of 1T3XT BVBA. > Many questions posted to this list can (and will) be answered with a > reference to the iText book: http://www.itextpdf.com/book/ > Please check the keywords list before you ask for examples: > http://itextpdf.com/themes/keywords.php > ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
