List: mozilla-crypto
Subject: Re: Encoding and comparing certificates with NSS
From: Ambroz Bizjak <ambrop7 () gmail ! com>
Date: 2011-02-01 11:22:45
Message-ID: f480e89c-05eb-40b9-817b-9f6054cf04c6 () o39g2000prb ! googlegroups ! com
On Feb 1, 12:45 am, Robert Relyea <rrel...@redhat.com> wrote:
> If I were you, I'd double check my byte compare code in B. Try
> connecting to A with one cert and to B with another and make sure it
> fails. In our previous example, you clearly had a mangled version of
> certificate C sent to B, but you indicated that B accepted C's real
> cert as equal. That tells me you may not be doing your compare correctly.
Thank you, but the byte compare is fine. It was working because I was
comparing two re-encoded certs: A re-encoded C's cert and sent it to
B, and when B accepted the connection from C, it also re-encoded the
cert, and they matched because both A and B were doing the re-encoding
the same way. Also when I fixed A to send B the real cert and left B
to compare it against the re-encoded cert, the compare failed, which
proves that it's comparing fine.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
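
The symptom described in this message, reproduced as an added example (not code from the thread or from NSS): a minimal TLV decoder and re-encoder run over a constructed stand-in for C's certificate. It assumes the re-encoding differs from the wire bytes because of a non-minimal length field; the thread does not say what actually differed.

```python
def read_tlv(buf, pos=0):
    """Parse one BER/DER TLV (single-byte tags only); return (tag, value, next_pos)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length not supported")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def encode_tlv(tag, value):
    """Emit a TLV with the minimal (DER) length encoding."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def reencode(blob):
    """Decode one TLV and re-encode it, recursing into constructed types."""
    tag, value, end = read_tlv(blob)
    if end != len(blob):
        raise ValueError("trailing data")
    if tag & 0x20:                         # constructed: re-encode each child
        out, pos = b"", 0
        while pos < len(value):
            _, _, nxt = read_tlv(value, pos)
            out += reencode(value[pos:nxt])
            pos = nxt
        value = out
    return encode_tlv(tag, value)

# Constructed stand-in for C's certificate as received on the wire:
# SEQUENCE { INTEGER 42, UTF8String "C" } with a non-minimal length (30 81 06).
WIRE = bytes.fromhex("308106" "02012a" "0c0143")

def scenarios():
    """The three comparisons from the thread; True means the bytes match."""
    return {
        "A re-encoded, B re-encoded": reencode(WIRE) == reencode(WIRE),
        "A original, B re-encoded": WIRE == reencode(WIRE),
        "A original, B original": WIRE == WIRE,
    }
```

Comparing the bytes as received on both sides removes the dependency on how each peer re-encodes; in NSS those bytes are kept in the `derCert` field of `CERTCertificate`.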