Hello,Suffering the same problem as Ray Hodel in Jan 2012 (trying to use a server https certificate with the same CN as the cosign client certificate), and inspired by his post to this list, I've made a very small patch to the IIS module that locates client certificate by the 'friendly name' set through the certificate store in addition to locating it via common name.
I've attached the patch in case it is useful to others - it's been running in production for a couple of months on a few fairly high-traffic sites and we've not seen any problems.
In the process of developing this, I spotted that version 3.1.1 was available on sourceforge (http://sourceforge.net/projects/cosign/files/cosign-windows/), but that the download page of weblogin.org is directing users to version 3.1.0.
Last year we suffered a worker crashing repeatedly under very high load that I believe may not have occurred had we been using v3.1.1.
I've also attached a patch to the visual studio sln file that simplifies the build options (Release for x86 and Release for x64).
Graham -- Graham Clinch Systems Programmer, Lancaster University
--- a/src/CosignModule.cpp Fri Jan 31 15:25:45 2014 +0000 +++ b/src/CosignModule.cpp Fri Jan 31 15:25:51 2014 +0000 @@ -76,7 +76,7 @@ CERT_FIND_ANY, NULL, prevCtx )) != NULL ) { - if ( CertGetNameString( ctx, CERT_NAME_ATTR_TYPE, 0, szOID_COMMON_NAME, pszNameString, 1024 ) > 1 ) { + if ( CertGetNameString( ctx, CERT_NAME_FRIENDLY_DISPLAY_TYPE, 0, NULL, pszNameString, 1024 ) > 1 ) { if ( wcsstr( pszNameString, cn.c_str() ) != NULL ) { CosignLog( L"Found matching certificate!\n" ); return( ctx );
--- a/src/CosignModule.sln Tue Nov 19 10:36:33 2013 +0000 +++ b/src/CosignModule.sln Tue Nov 19 10:43:43 2013 +0000 @@ -17,16 +17,14 @@ EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Windows = Debug|Windows - Release|Windows = Release|Windows - x64|Windows = x64|Windows + Release|x64 = Release|x64 + Release|x86 = Release|x86 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution - {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Debug|Windows.ActiveCfg = Debug|Win32 - {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Debug|Windows.Build.0 = Debug|Win32 - {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|Windows.ActiveCfg = Release|x64 - {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|Windows.Build.0 = Release|x64 - {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.x64|Windows.ActiveCfg = x64 Release|x64 + {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x64.ActiveCfg = Release|x64 + {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x64.Build.0 = Release|x64 + {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x86.ActiveCfg = Release|Win32 + {41DFA73D-5E23-4DC9-91FF-0FC3FE00EFCD}.Release|x86.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE
------------------------------------------------------------------------------ WatchGuard Dimension instantly turns raw network data into actionable security intelligence. It gives you real-time visual feedback on key security issues and trends. Skip the complicated setup - simply import a virtual appliance and go from zero to informed in seconds. http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss