Hello,

Suffering the same problem as Ray Hodel in Jan 2012 (trying to use a server HTTPS certificate with the same CN as the cosign client certificate), and inspired by his post to this list, I've made a very small patch to the IIS module that locates the client certificate by the 'friendly name' set through the certificate store in addition to locating it via common name.

I've attached the patch in case it is useful to others - it's been running in production for a couple of months on a few fairly high-traffic sites and we've not seen any problems.

In the process of developing this, I spotted that version 3.1.1 was available on SourceForge (http://sourceforge.net/projects/cosign/files/cosign-windows/), but that the download page of weblogin.org is directing users to version 3.1.0.

Last year we suffered a worker crashing repeatedly under very high load that I believe may not have occurred had we been using v3.1.1.

I've also attached a patch to the Visual Studio sln file that simplifies the build options (Release for x86 and Release for x64).

Graham

--
Graham Clinch
Systems Programmer,
Lancaster University
--- a/src/CosignModule.cpp      Fri Jan 31 15:25:45 2014 +0000
+++ b/src/CosignModule.cpp      Fri Jan 31 15:25:51 2014 +0000
@@ -76,7 +76,7 @@
                        CERT_FIND_ANY,
                        NULL,
                        prevCtx )) != NULL ) {
-               if ( CertGetNameString( ctx, CERT_NAME_ATTR_TYPE, 0, 
szOID_COMMON_NAME, pszNameString, 1024 ) > 1 ) {
+               if ( CertGetNameString( ctx, CERT_NAME_FRIENDLY_DISPLAY_TYPE, 
0, NULL, pszNameString, 1024 ) > 1 ) {
                        if ( wcsstr( pszNameString, cn.c_str() ) != NULL ) {
                                CosignLog( L"Found matching certificate!\n" );
                                return( ctx );
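
Review bot: The wcsstr( pszNameString, cn.c_str() ) test kept as context under the changed CertGetNameString call is a substring match, and it now runs against the friendly name, which is free text set in the certificate store rather than a field of the signed certificate. The first certificate in the store whose friendly name merely contains the configured string is returned, so an exact comparison (wcscmp, or a case-insensitive equivalent) would be a safer selector for the client credential. Separately, the explicit szOID_COMMON_NAME lookup is replaced rather than kept next to the new one, so CN matching now depends on what CertGetNameString returns for CERT_NAME_FRIENDLY_DISPLAY_TYPE when no friendly name is set, and a certificate with a matching CN but a different friendly name will no longer be found; either keep the CN check as a second condition or add a comment documenting the intended fallback.
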
--- a/src/CosignModule.sln      Tue Nov 19 10:36:33 2013 +0000
+++ b/src/CosignModule.sln      Tue Nov 19 10:43:43 2013 +0000
@@ -17,16 +17,14 @@
 EndProject
 Global
        GlobalSection(SolutionConfigurationPlatforms) = preSolution
-               Debug|Windows = Debug|Windows
-               Release|Windows = Release|Windows
-               x64|Windows = x64|Windows
+               Release|x64 = Release|x64
+               Release|x86 = Release|x86
        EndGlobalSection
        GlobalSection(ProjectConfigurationPlatforms) = postSolution
-               {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Debug|Windows.ActiveCfg 
= Debug|Win32
-               {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Debug|Windows.Build.0 = 
Debug|Win32
-               
{41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|Windows.ActiveCfg = Release|x64
-               {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|Windows.Build.0 
= Release|x64
-               {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.x64|Windows.ActiveCfg = 
x64 Release|x64
+               {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x64.ActiveCfg = 
Release|x64
+               {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x64.Build.0 = 
Release|x64
+               {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x86.ActiveCfg = 
Release|Win32
+               {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x86.Build.0 = 
Release|Win32
        EndGlobalSection
        GlobalSection(SolutionProperties) = preSolution
                HideSolutionNode = FALSE
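
Review bot: The Debug|Windows entries are dropped from both GlobalSection blocks with no Debug|x86 or Debug|x64 replacement, so the solution can no longer produce a debug build of the module. If that is intended, state it in the change description; otherwise add Debug configurations alongside the two Release ones. The new Release|x86 solution platform maps to the project's Release|Win32 configuration, which is worth a one-line mention for anyone scripting the build by platform name.
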