Hi Arno,
Thanks for your precise comments.
The security issue in my case is not very high because this is just a server
client communication with nothing sensetive (no money transfer or credit
cards or personal info etc.)
I will use a commercial Certificate of 3 years valid and hoping that it will
work.
However,
I still can't find the reason why I have got that error.
Are you saying that there is security leak in ICS?
if yes,
do we have any solutions for it?
thanks
-----Original Message-----
From: Arno Garrels
Sent: Sunday, February 06, 2011 10:34 PM
To: ICS support mailing
Subject: Re: [twsocket] Error with SSLWSocketClient
Arno Garrels wrote:
With OpenSSL it's easy to generate a CRL and to include its weblink
in self created certificates. If you will use commercial SSL server
certificates you do not have to worry about CRLs.
Well that's true, however currently ICS lacks the CRL-feature. It does
neither
include local CRLs in the certificate verification process nor follow
external
CRL-links in certificates. This is a security leak, however not just in
ICS. I'm
not aware of any Delphi SSL-Component suite that handles CRLs correctly,
one should know that if high security matters.
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
