projects / mono.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c259a8c)
2009-08-20 Sebastien Pouliot <sebastien@ximian.com>
authorSebastien Pouliot <sebastien@ximian.com>
Thu, 20 Aug 2009 18:25:50 +0000 (18:25 -0000)
committerSebastien Pouliot <sebastien@ximian.com>
Thu, 20 Aug 2009 18:25:50 +0000 (18:25 -0000)
* TlsServerCertificate.cs: If no usage information is available then
assume it's ok for SSL since we'll (later) check that the CN contains
a host name (that match the server) and such a certificate wouldn't
be much useful for anything but SSL/TLS. Fix the new stmp.gmail.com
certificate usage failure.

svn path=/trunk/mcs/; revision=140358

mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/ChangeLog patch | blob | history
mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs patch | blob | history

diff --git a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/ChangeLog b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/ChangeLog
index bcc3ece79086ae915efa1ca93f248793956c7019..2ad0fe6fce5493271c1cf44ff09644164e28e962 100644 (file)
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/ChangeLog
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/ChangeLog
@@ -1,3 +1,11 @@
+2009-08-20  Sebastien Pouliot  <sebastien@ximian.com>
+
+       * TlsServerCertificate.cs: If no usage information is available then
+       assume it's ok for SSL since we'll (later) check that the CN contains
+       a host name (that match the server) and such a certificate wouldn't
+       be much useful for anything but SSL/TLS. Fix the new stmp.gmail.com
+       certificate usage failure.
+
 2007-12-15  Sebastien Pouliot  <sebastien@ximian.com>
 
        * TlsServerCertificate.cs: Add support for wilcard (*) when matching
diff --git a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs
index ef12ed1075e6a816034892981ca36769e2bc17c5..f5bf2e72db0694cfdb588c89b4321c4fcff69890 100644 (file)
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs
@@ -177,8 +177,9 @@ namespace Mono.Security.Protocol.Tls.Handshake.Client
                                return ct.Support (NetscapeCertTypeExtension.CertTypes.SslServer);
                        }
 
-                       // certificate isn't valid for SSL server usage
-                       return false;
+                       // if the CN=host (checked later) then we assume this is meant for SSL/TLS
+                       // e.g. the new smtp.gmail.com certificate
+                       return true;
                }
 
                private void validateCertificates(X509CertificateCollection certificates)
my mono mirror. check out Moved to http://github.com/mono/mono