Lukas,

Due to a bug in the cryptlib library, it fails to load some valid PEM-formatted
certificates. I have reported the problem + patch to the cryptlib mailing list.
Attached you'll find a modified cryptlib patch that has a workaround for the
problem so that existing cryptlib libraries will work. Basically, it removes the
'-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' tags from the
certificate before calling cryptImportCert.

Note that the cryptlib patches include the openssl patch submitted on Feb 24
(OnVerifyCert).

Ludo

-----Original Message-----
From: Ludo Brands [mailto:ludo.bra...@free.fr]
Sent: Sunday 27 February 2011 15:43
To: 'Ararat Synapse'
Subject: [Synalist] [HttpSend] PATCH for cryptlib


Hi Lukas,

Attached is a patch for cryptlib that implements server certificate
verification. It also corrects the following problems/bugs:
- run-time check for cryptlib library version matching cryptlib.pas version
(dll hell!!)
- GetPeerFingerprint: CRYPT_CERTINFO_FINGERPRINT returns already the MD5 of
the certificate.
- cryptSetAttribute(cert, CRYPT_CERTINFO_ISSUERNAME, CRYPT_UNUSED) isn't
working. Has to be cryptSetAttribute(cert, CRYPT_ATTRIBUTE_CURRENT,
CRYPT_CERTINFO_ISSUERNAME);
- cryptlib 3.4.0 has changed some constant names. Added conditional compile.
- added TCustomSSL.CertComplianceLevel. Cryptlib is very picky on standards.
The default compliance level is too high for most sites. For example, it
needs to be set to CRYPT_COMPLIANCELEVEL_OBLIVIOUS to connect to
https://www.microsoft.com ...


Something that you may consider changing, or add a comment in ssl_cryptlib:
cryptlib 3.4.0 has changed the default for CRYPT_SESSINFO_VERSION. Now one
needs to set SSL.SSLType:=LT_SSLv3 to connect to most sites. In 3.3.2 this
was not necessary. Changing TSSLCryptLib.Init line 315 from x := -1; to x :=
0; would keep the earlier default behavior.

Cheers, Ludo


Attachment: cryptlibverify2.diff
Description: Binary data
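The PEM workaround described above (removing the BEGIN/END armor before handing the certificate to cryptImportCert), as an added example that is not Ludo's patch or Synapse code. It validates the armor instead of blindly cutting the tags: mismatched or missing labels are rejected, leading text and CRLF line endings are tolerated, and the base64 body is also decoded to DER so either form can be passed on. The sample certificate body is a constructed placeholder, not a real certificate.

```python
import base64
import re

# One armored block: BEGIN label, body, END label. DOTALL lets the body span lines.
ARMOR_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)
BASE64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def strip_pem_armor(pem: str, expected_label: str = "CERTIFICATE") -> str:
    """Return the bare base64 body between the armor tags, or raise ValueError."""
    m = ARMOR_RE.search(pem)
    if m is None:
        raise ValueError("no PEM armor found")
    begin_label, body, end_label = m.groups()
    if begin_label != end_label:
        raise ValueError(f"mismatched armor labels: {begin_label} / {end_label}")
    if begin_label != expected_label:
        raise ValueError(f"expected {expected_label}, got {begin_label}")
    # Join the wrapped lines and drop whitespace; only the base64 text remains.
    body = "".join(body.split())
    if not body or not BASE64_RE.fullmatch(body):
        raise ValueError("armor body is not base64")
    return body


def pem_to_der(pem: str) -> bytes:
    """Decode the armored body to DER bytes (strict base64, rejects stray characters)."""
    return base64.b64decode(strip_pem_armor(pem), validate=True)


def is_well_formed_pem(pem: str) -> bool:
    """True if the blob carries consistent CERTIFICATE armor around valid base64."""
    try:
        pem_to_der(pem)
        return True
    except ValueError:
        return False


# Constructed sample: text before the armor and CRLF line endings, as found in
# PEM files exported by other tools. The body is a placeholder, not a real cert.
SAMPLE_DER = b"constructed DER placeholder, not a real certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = (
    "subject=CN=example\r\n"
    "-----BEGIN CERTIFICATE-----\r\n"
    + "\r\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))
    + "\r\n-----END CERTIFICATE-----\r\n"
)
```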

_______________________________________________
synalist-public mailing list
synalist-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/synalist-public