Avoid throwing (just return false) when verifying an RSA certificate with dsaSHA1
authorSebastien Pouliot <sebastien@ximian.com>
Sun, 3 Apr 2011 14:07:55 +0000 (10:07 -0400)
committerSebastien Pouliot <sebastien@ximian.com>
Sun, 3 Apr 2011 14:12:09 +0000 (10:12 -0400)
* X509Certificate.cs: Do not throw a CryptographicException for "unknown
hash algorithm" when asked to verify an RSA certificate with dsaSHA1 since
this can happen when a bad/incomplete chain is being tested.

mcs/class/Mono.Security/Mono.Security.X509/X509Certificate.cs

index 8a3fa7e61998729d7515946e25ac55e18827ee27..3b4f6e80f0202dc33188b9d0481aaa9520ed6049 100644 (file)
@@ -515,6 +515,11 @@ namespace Mono.Security.X509 {
                                case "1.2.840.113549.1.1.11":
                                        v.SetHashAlgorithm ("SHA256");
                                        break;
+                               // SHA1-1 with DSA
+                               case "1.2.840.10040.4.3":
+                                       // invalid but this can occurs when building a bad chain - e.g. missing certificate(s)
+                                       // we return false so we can report the "chain" error to the user (not an exception)
+                                       return false;
                                default:
                                        throw new CryptographicException ("Unsupported hash algorithm: " + m_signaturealgo);
                        }
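Review bot: The added `case "1.2.840.10040.4.3":` special-cases only one mismatched signature OID, so a certificate carrying any other non-RSA algorithm identifier still reaches `default` and throws `CryptographicException` in the same bad-chain situation the commit message describes. If an algorithm/key-type mismatch is meant to be a verification failure rather than an error, the comment should state that rule and say explicitly why `default` keeps throwing for OIDs that are not recognised at all. Returning `false` fails closed, which is the safe direction, but the caller can no longer tell "signature did not verify" from "signature algorithm does not match the issuer key type", so chain-building code should report this as a chain error and not as evidence of tampering. The label comment is also inaccurate: `// SHA1-1 with DSA` should read `// id-dsa-with-sha1 (DSA with SHA-1)`, and "can occurs" should be "can occur". The enclosing switch and method start and end outside the hunk, so the RSA-only context is inferred from the commit message.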