> From: Miguel de Icaza [mailto:mig...@xamarin.com]
> 
> • We are setting up a more comprehensive harness for SSL/TLS tests that do
> not depend on remote servers.

This is much appreciated, thank you very much.  There is one thing you didn't 
mention:

As far as I can tell, no mono developer has ever tested the real world use case 
of SslStream.AuthenticateAsServer with an intermediate cert connecting to 
SslStream.AuthenticateAsClient.  As far as I can tell, no mono developer has 
ever bothered to run the test I provided in the pull request.  The end result 
is that mono's implementation of SslStream.AuthenticateAsServer is simply 
broken, not usable, has never worked, still broken today.  I have a dirty 
hacked fork of mono that made it work, but those changes are not suitable for 
pull into mono (see: dirty, hacked).

If it helps, I wrote a script that automates the creation of a root CA, 
intermediate, and signing of a server cert, suitable to be used in such a test.  
Even if the script doesn't get run automatically in the build process, it's 
perfectly acceptable to generate certs in advance and hard-code them into the 
tests, as is done in the existing pull-request test today.

The script is here:
https://github.com/rahvee/MonoSslStreamServerBug/blob/master/certs/junkca.sh

And having used the above script to generate some certs, a hard-coded result is 
stored here:
https://github.com/rahvee/mono/commit/02ae92b34f47779c1962d38ffdcf6e732f10b063#diff-05497f49a91426be05c25bbebc4e3a59R59

There is no reasonable reason to expect it to ever work, if it's not tested.
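
As an added illustration (this is not the junkca.sh script linked above, and not code from the message or from mono), the following sketch builds a throwaway root CA, intermediate and server certificate with the openssl CLI, then checks that the leaf only validates when the intermediate is supplied alongside it. All file names, subjects and lifetimes are constructed for the example, and a standard openssl install with its default config is assumed.

```shell
#!/bin/sh
# Added example: throwaway root -> intermediate -> server chain for a TLS test.
# File names, subject names and lifetimes are constructed for illustration.
set -eu

new_key_and_csr() {  # $1 = basename, $2 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

sign() {  # $1 = CSR basename, $2 = issuer basename, $3 = extension section
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -extfile ext.cnf -extensions "$3" -days 30 -out "$1.crt" 2>/dev/null
}

make_chain() {  # $1 = output directory
  mkdir -p "$1"
  (
    set -e
    cd "$1"
    # CA certs need CA:TRUE; the leaf needs CA:FALSE, serverAuth and a SAN.
    printf '%s\n' '[ca]' 'basicConstraints=critical,CA:TRUE' \
      'keyUsage=critical,keyCertSign,cRLSign' \
      '[leaf]' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
      'subjectAltName=DNS:localhost' > ext.cnf
    new_key_and_csr root "Junk Test Root CA"
    openssl x509 -req -in root.csr -signkey root.key -extfile ext.cnf \
      -extensions ca -days 30 -out root.crt 2>/dev/null   # self-signed root
    new_key_and_csr inter "Junk Test Intermediate CA"
    sign inter root ca
    new_key_and_csr server "localhost"
    sign server inter leaf
    # What the server side has to present: leaf first, then the intermediate.
    cat server.crt inter.crt > server-chain.pem
  )
}

verify_leaf() {  # $1 = directory, $2 = yes|no: supply the intermediate
  if [ "$2" = yes ]; then
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/inter.crt" "$1/server.crt" 2>&1
  else
    openssl verify -CAfile "$1/root.crt" "$1/server.crt" 2>&1
  fi | grep -q ': OK$'
}
```

A client that trusts only the root can validate the leaf only if the server sends the intermediate during the handshake, which is the case a server-side test with an intermediate cert needs to cover.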
_______________________________________________
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list
