From mozilla-crypto Tue Feb 01 11:22:45 2011
From: Ambroz Bizjak
Date: Tue, 01 Feb 2011 11:22:45 +0000
To: mozilla-crypto
Subject: Re: Encoding and comparing certificates with NSS
Message-Id:
X-MARC-Message: https://marc.info/?l=mozilla-crypto&m=129655939702326

On Feb 1, 12:45 am, Robert Relyea wrote:
> If I were you, I'd double check my byte compare code in B. Try
> connecting to A with one cert and to B with another and make sure it
> fails. In our previous example, you clearly had a mangled version of
> certificate C sent to B, but you indicated that B accepted C's real
> cert as equal. That tells me you may not be doing your compare correctly.

Thank you, but the byte compare is fine. It was working because I was
comparing two re-encoded certs: A re-encoded C's cert and sent it to B,
and when B accepted the connection from C, it also re-encoded the cert,
and they matched because both A and B were doing the re-encoding the
same way.

Also, when I fixed A to send B the real cert and left B to compare it
against the re-encoded cert, the compare failed, which proves that it's
comparing fine.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
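
The effect described in the message above, as an added example that is not part of the thread and does not use NSS: a byte compare of two re-encoded copies succeeds even though neither equals the bytes that came over the wire. The thread does not say what the re-encoding changed; this sketch assumes a non-minimal length field being normalised, and `WIRE_CERT`, `reencode` and `scenarios` are hypothetical names with a constructed sample blob.

```python
# Constructed sample, not a real certificate: SEQUENCE { INTEGER 5, OCTET STRING "A" }
# whose INTEGER uses a non-minimal long-form length (81 01 instead of 01).
WIRE_CERT = bytes.fromhex("300702810105040141")

def read_tlv(buf, pos):
    """Parse one TLV at pos, tolerating BER long-form lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError("indefinite length not supported")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def encode_len(n):
    """Minimal (DER) length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def reencode(buf):
    """Decode and re-emit: stand-in for a parse/encode round trip."""
    out, pos = b"", 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & 0x20:  # constructed type: normalise children too
            value = reencode(value)
        out += bytes([tag]) + encode_len(len(value)) + value
    return out

def scenarios(wire=WIRE_CERT):
    """Outcome of B's byte compare in each setup described in the message."""
    return {
        "A re-encodes, B re-encodes": reencode(wire) == reencode(wire),
        "A sends wire bytes, B re-encodes": wire == reencode(wire),
        "A sends wire bytes, B keeps wire bytes": wire == wire,
    }

if __name__ == "__main__":
    for setup, equal in scenarios().items():
        print(f"{setup}: {'match' if equal else 'MISMATCH'}")
```

Comparing the bytes exactly as received on both sides is the only setup here that stays correct regardless of how either side's encoder behaves.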