Hello,

We would love a test case to add to the test suite.

We are building a new test suite as part of this work anyways.

Miguel

On Tue, Dec 9, 2014 at 3:21 PM, Edward Ned Harvey (mono) <edward.harvey.m...@clevertrove.com> wrote:

> > From: Miguel de Icaza [mailto:mig...@xamarin.com]
> >
> > .NET's implementation of the TLS stack is built on top of native code, so it
> > won't work on Mono.
> >
> > We have implemented TLS 1.1 and 1.2 on top of the not yet open sourced
> > networking stack and will be publishing it as soon as Microsoft open sources
> > the .NET networking stack.
>
> Great news, thank you! A follow-up question:
>
> In the current released version of mono SslStream, if the server uses a
> cert that is signed by an intermediate chain, *and* a mono SslStream client
> connects, then the client rejects the cert. The root cause is because the
> server does not send the intermediate chain to the client, and the client
> fails to construct the chain. The behavior is specifically a mono-mono
> incompatibility - If either the server or the client is .Net, then the
> problem does not occur, because a windows server sends the chain to the
> client, and a windows client performs guerilla tactics to construct an
> incomplete chain.
>
> So the question is, how could it be possible to add a test for this
> behavior, presuming it will some day get fixed and then we don't want it to
> happen again?
>
> I can easily enough write example code to demonstrate the problem. But
> then there's a question about what cert to use for demonstration purposes -
> it's probably best to create a junk CA with intermediate cert, and some
> junk server cert. I could easily enough publish those certs somewhere
> and/or hard-code them into the demonstration code, with something like 30
> year validity.
_______________________________________________
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list
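The junk CA, intermediate and server certificate proposed in the quoted message can be generated as a throwaway fixture, and the missing-intermediate failure reproduced at the chain-building level. This is an added example, not code from the thread or from Mono's test suite; it assumes the `openssl` command-line tool is installed and uses `openssl verify` as a stand-in for the client, and all subject names, file names and the 10950-day validity are constructed.

```shell
#!/bin/sh
# Constructed fixture: junk root CA -> intermediate CA -> server certificate.
# Subject names, file names and the 10950-day (~30 year) validity are assumptions.

make_chain() (   # $1 = output directory; subshell body keeps the caller's cwd
    mkdir -p "$1" && cd "$1" || exit 1
    cat > junk.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:localhost
EOF
    for n in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config junk.cnf \
            -subj "/CN=Junk Test $n" -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
    done
    # Root signs itself, root signs the intermediate, intermediate signs the leaf.
    openssl x509 -req -in root.csr -signkey root.key -days 10950 -sha256 \
        -extfile junk.cnf -extensions ca -out root.pem 2>/dev/null &&
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -set_serial 2 \
        -days 10950 -sha256 -extfile junk.cnf -extensions ca -out inter.pem 2>/dev/null &&
    openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -set_serial 3 \
        -days 10950 -sha256 -extfile junk.cnf -extensions leaf -out leaf.pem 2>/dev/null
)

# Client trusts only the root and the server sent only its own certificate.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>/dev/null | grep -q ': OK'
}

# Same client, but the server also sent the intermediate (untrusted, from the wire).
verify_with_intermediate() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem" \
        2>/dev/null | grep -q ': OK'
}

dir=$(mktemp -d) && make_chain "$dir" || exit 1
if verify_leaf_only "$dir"; then echo "leaf only: accepted"; else echo "leaf only: rejected"; fi
if verify_with_intermediate "$dir"; then echo "leaf + intermediate: accepted"; else echo "leaf + intermediate: rejected"; fi
rm -rf "$dir"
```

A regression test built on this fixture would have the server present `leaf.pem` together with `inter.pem` and require that a client trusting only `root.pem` accepts the connection.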