Fallback to System Certificate Store when CA Certificate Path Is Not Present #991
dckorben wants to merge 6 commits into connamara:master from
| @@ -182,7 +182,33 @@ internal bool VerifyRemoteCertificate( | |||
|
|
|||
| // If CA Certificate is specified then validate against the CA certificate, otherwise it is validated against the installed certificates | |||
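Review bot: the context comment in this hunk of VerifyRemoteCertificate ("otherwise it is validated against the installed certificates") does not say under which condition the installed certificates are consulted. Since the hunk grows the function from 7 to 33 lines around that comment, reword it to name the condition (no CA certificate path configured) and the store that is used, so the comment matches the branch it documents.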
Notable that this comment SAYS it validates against installed certificates but that is actually not true. It validates against installed certificates if it is an HTTPS/TLS connection, which was probably the intended meaning. If you specify a certificate but not a CA, it just fails. In the case of #990, you can specify a certificate from a Public CA but then validation fails, and because many CAs use a lineage of certificates, you cannot validate the chain with the existing configuration options.

I do see a potential issue here where it doubles up the certificate chain validation for TLS/HTTPS connections because the function

@dckorben yes it works now if I don't specify CA certificate and it checks it against the installed ones.

Are you a Linux test by chance?
The good aspect of this is you won't have to manage the CA key expirations manually. So, it's an improvement in function as well.

nope, windows
"Fixes" #990
This isn't final, too duplicative. Need someone to verify it works on Windows/Linux as we've been bitten by behavior differences before and I don't have an admin box I can trust the generated CA with.
@dimaaik27 Please verify this works in your implementation before I clean up the code.
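
Added example (not code from this PR or from QuickFIX/n) of the behaviour discussed in this thread: trust only the configured CA when one is given, fall back to the system certificate store when none is, and supply the intermediate so a multi-level chain can be built. The helper `VerifyChain`, the `Issue` certificate generator and all certificate names are hypothetical and constructed for the demo; it assumes .NET 6 or later for `X509ChainTrustMode` and `RandomNumberGenerator.GetBytes`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CaFallbackDemo
{
    // Hypothetical helper, not QuickFIX/n code. caRoot == null models "no CA certificate path configured".
    static bool VerifyChain(X509Certificate2 remote, X509Certificate2 caRoot, X509Certificate2 intermediate)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // constructed certs carry no CRL/OCSP URLs
        if (intermediate != null)
            chain.ChainPolicy.ExtraStore.Add(intermediate);            // path-building candidate, not a trust anchor
        if (caRoot != null)
        {
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; // trust only the configured CA
            chain.ChainPolicy.CustomTrustStore.Add(caRoot);
        }
        // Otherwise TrustMode stays at System: the OS certificate store supplies the trust anchors.
        return chain.Build(remote);
    }

    static readonly DateTimeOffset From = DateTimeOffset.UtcNow.AddDays(-1);
    static readonly DateTimeOffset To = From.AddDays(30);

    // Constructed test certificates: self-signed root when issuer is null, otherwise signed by issuer.
    static X509Certificate2 Issue(string cn, X509Certificate2 issuer, bool isCa)
    {
        RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(isCa, false, 0, true));
        if (issuer == null)
            return req.CreateSelfSigned(From, To);
        byte[] serial = RandomNumberGenerator.GetBytes(8);
        serial[0] &= 0x7F;                                             // keep the serial number positive
        using X509Certificate2 signed = req.Create(issuer, From, To, serial);
        return signed.CopyWithPrivateKey(key);                         // issuer certs need their key to sign
    }

    static void Main()
    {
        var root = Issue("Constructed Root CA", null, true);
        var intermediate = Issue("Constructed Intermediate CA", root, true);
        var leaf = Issue("constructed-counterparty", intermediate, false);

        Console.WriteLine("CA set, no intermediate:   " + VerifyChain(leaf, root, null));
        Console.WriteLine("CA set, with intermediate: " + VerifyChain(leaf, root, intermediate));
        Console.WriteLine("no CA, system store:       " + VerifyChain(leaf, null, intermediate));
    }
}
```

Inspecting `chain.ChainStatus` after a failed `Build` distinguishes an incomplete chain from an untrusted root, which is the difference between the two failure cases raised in this thread.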