[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Certificate validation

To: "HTTPAPI and FTPAPI Projects" <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Certificate validation
From: "Forshey, Carl" <Carl.Forshey@xxxxxxxxxxxx>
Date: Wed, 19 Dec 2007 22:22:05 -0500
List-help: <mailto:ftpapi-request@lists.scottklement.com?subject=help>
List-id: HTTPAPI and FTPAPI Projects <ftpapi.lists.scottklement.com>
List-post: <mailto:ftpapi@lists.scottklement.com>
List-subscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=subscribe>
List-unsubscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=unsubscribe>
Reply-to: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sender: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
Thread-index: AchCt33+DSZ2e54iSdSVkZuZJrEKtw==
Thread-topic: Certificate validation

Hi Scott,

I'm having a problem with testing my application using SSL where I'm given a site to log on to with a known expired certificate (another vendor requirement). The CA normally being used is VeriSign, and they are in the DCM and trusted to the application. The problem is the certificate is being validated and I'm then connecting and receiving a response from the site. I was expecting to get a return code error on the certificate validation.

After searching the archives, I came across a reference to a problem where the person wanted to accept an expired certificate (error "SSL Handshake: (GSKit) Validity time period of the certificate is expired") and you provided the code necessary to update the current HTTPAPI version of that time. I'm using the latest version (1.21) and I see the code in the GSKSSL_H source member and the COMMSSLR4 source member. My question is there a way to control whether or not an expired certificate is accepted or not? After reading the archive and looking at the code, it seems as though it's set to accepting by default, where I need to have some indication of a validation error returned to my program, which seems that was what the original problem was on the archive posting. Could you shed some light on this for me, so I can determine if this is my problem or I need to look else where. Thanks!

Carl Forshey
Commsoft

The information contained in this electronic mail transmission is intended by Communications Software Consultants, Inc. for the use of the named individual or entity to which it is directed
and may contain information that is privileged or otherwise confidential. If you have received this electronic mail transmission in error, please notify the sender immediately and delete this
message from your system without copying or forwarding it.
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- Re: Certificate validation
  - From: Scott Klement

Prev by Date: Re: Unknown System State Error
Next by Date: Re: Certificate validation
Previous by thread: Re: Unknown System State Error
Next by thread: Re: Certificate validation
Index(es):
- Date
- Thread