[Cosign-discuss] IIS 7/8 module - small patch to support locating the client certificate by friendly name

2014-01-31 Thread Graham Clinch

Hello,

Suffering the same problem as Ray Hodel in Jan 2012 (trying to use a 
server https certificate with the same CN as the cosign client 
certificate), and inspired by his post to this list, I've made a very 
small patch to the IIS module that locates the client certificate by the 
'friendly name' set through the certificate store in addition to 
locating it via common name.


I've attached the patch in case it is useful to others - it's been 
running in production for a couple of months on a few fairly 
high-traffic sites and we've not seen any problems.


In the process of developing this, I spotted that version 3.1.1 was 
available on sourceforge 
(http://sourceforge.net/projects/cosign/files/cosign-windows/), but that 
the download page of weblogin.org is directing users to version 3.1.0.


Last year we suffered a worker crashing repeatedly under very high load 
that I believe may not have occurred had we been using v3.1.1.


I've also attached a patch to the Visual Studio sln file that simplifies 
the build options (Release for x86 and Release for x64).


Graham

--
Graham Clinch
Systems Programmer,
Lancaster University
--- a/src/CosignModule.cpp  Fri Jan 31 15:25:45 2014 +
+++ b/src/CosignModule.cpp  Fri Jan 31 15:25:51 2014 +
@@ -76,7 +76,7 @@
CERT_FIND_ANY,
NULL,
prevCtx )) != NULL ) {
-   if ( CertGetNameString( ctx, CERT_NAME_ATTR_TYPE, 0, 
szOID_COMMON_NAME, pszNameString, 1024 )  1 ) {
+   if ( CertGetNameString( ctx, CERT_NAME_FRIENDLY_DISPLAY_TYPE, 
0, NULL, pszNameString, 1024 )  1 ) {
if ( wcsstr( pszNameString, cn.c_str() ) != NULL ) {
CosignLog( LFound matching certificate!\n );
return( ctx );
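Review bot: the unchanged wcsstr( pszNameString, cn.c_str() ) test right after the modified call is a substring match, and with this change it runs against the friendly name, which is a free-text property set in the certificate store rather than a signed field of the certificate. Because the enumeration uses CERT_FIND_ANY and returns on the first hit, any certificate whose friendly name merely contains the configured string is selected, so a label such as "cosign-web" on the server certificate would match a configured "cosign". Consider an exact comparison (wcscmp, or a case-insensitive equivalent) in place of wcsstr. A comment should also record that CERT_NAME_FRIENDLY_DISPLAY_TYPE falls back to the simple display name when no friendly name is set, since that fallback is what keeps existing common-name configurations working.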
--- a/src/CosignModule.sln  Tue Nov 19 10:36:33 2013 +
+++ b/src/CosignModule.sln  Tue Nov 19 10:43:43 2013 +
@@ -17,16 +17,14 @@
 EndProject
 Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
-   Debug|Windows = Debug|Windows
-   Release|Windows = Release|Windows
-   x64|Windows = x64|Windows
+   Release|x64 = Release|x64
+   Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
-   {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Debug|Windows.ActiveCfg 
= Debug|Win32
-   {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Debug|Windows.Build.0 = 
Debug|Win32
-   
{41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|Windows.ActiveCfg = Release|x64
-   {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|Windows.Build.0 
= Release|x64
-   {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.x64|Windows.ActiveCfg = 
x64 Release|x64
+   {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x64.ActiveCfg = 
Release|x64
+   {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x64.Build.0 = 
Release|x64
+   {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x86.ActiveCfg = 
Release|Win32
+   {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x86.Build.0 = 
Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
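Review bot: the removed Debug|Windows lines were the only debug solution configuration, and nothing in the added lines replaces them, so after this change the solution can no longer produce a debug build of the module. If that is intended, say so in the change description; otherwise add Debug|x86 and Debug|x64 entries alongside the two Release ones. Note also that Release|x86 maps to the project platform Release|Win32 while Release|x64 maps to Release|x64, which is correct for a Visual C++ project but worth a one-line comment for anyone who expects the names to match.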
--
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss


Re: [Cosign-discuss] IIS 7/8 module - small patch to support locating the client certificate by friendly name

2014-01-31 Thread Andrew Mortensen

On Jan 31, 2014, at 10:40 AM, Graham Clinch g.cli...@lancaster.ac.uk wrote:

> Hello,
>
> Suffering the same problem as Ray Hodel in Jan 2012 (trying to use a server 
> https certificate with the same CN as the cosign client certificate), and 
> inspired by his post to this list, I've made a very small patch to the IIS 
> module that locates the client certificate by the 'friendly name' set through the 
> certificate store in addition to locating it via common name.

Thank you very much for the contribution. I've committed this to the 
cosignmodule master branch.

> I've attached the patch in case it is useful to others - it's been running in 
> production for a couple of months on a few fairly high-traffic sites and 
> we've not seen any problems.
>
> In the process of developing this, I spotted that version 3.1.1 was available 
> on sourceforge 
> (http://sourceforge.net/projects/cosign/files/cosign-windows/), but that the 
> download page of weblogin.org is directing users to version 3.1.0.

Apologies! I've corrected this.

> I've also attached a patch to the Visual Studio sln file that simplifies the 
> build options (Release for x86 and Release for x64).

I'd like to apply this one as well, but the patch fails to apply to the 
cosignmodule master branch. If you submit a patch applying cleanly, I'll apply 
it.

Best,
andrew

