Please do not reply to this email. If you want to comment on the bug, go to the URL shown below and enter your comments there.
Changed by [EMAIL PROTECTED] http://bugzilla.ximian.com/show_bug.cgi?id=81450 --- shadow/81450 2007-04-25 10:34:50.000000000 -0400 +++ shadow/81450.tmp.14269 2007-04-25 11:04:01.000000000 -0400 @@ -1,14 +1,14 @@ Bug#: 81450 Product: Mono: Class Libraries Version: unspecified -OS: +OS: unknown OS Details: -Status: NEW -Resolution: -Severity: +Status: RESOLVED +Resolution: INVALID +Severity: Unknown Priority: Normal Component: Mono.Security AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] QAContact: [EMAIL PROTECTED] TargetMilestone: --- 
@@ -84,6 +84,43 @@ a trusted CA, I tried verifying the "invalid_signed_file.exe". To my amazement, this returned no errors. The AuthenticodeDeformatter.IsTrusted method returns true, even though I would have expected it to return false. It could be that this is the intended behavior of the IsTrusted method (there were no docs, so I couldn't be sure about that), but I don't see any other method to verify the signature on the file. + +------- Additional Comments From [EMAIL PROTECTED] 2007-04-25 11:04 ------- +Here's a quick test I did using SVN HEAD (but there hasn't any recent +changes in there). + [EMAIL PROTECTED]:~/src/bugzilla/81450> certmgr -add -c Trust +Microsoft_Root_CA.cer +Mono Certificate Manager - version 1.2.4.0 +Manage X.509 certificates and CRL from stores. +Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. +BSD licensed. + +1 certificate(s) added to store Trust. + [EMAIL PROTECTED]:~/src/bugzilla/81450> chktrust signed_file.exe +Mono CheckTrust - version 1.2.4.0 +Verify if an PE executable has a valid Authenticode(tm) signature +Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. +BSD licensed. + +SUCCESS: signed_file.exe signature is valid +and can be traced back to a trusted root! + [EMAIL PROTECTED]:~/src/bugzilla/81450> chktrust invalid_signed_file.exe +Mono CheckTrust - version 1.2.4.0 +Verify if an PE executable has a valid Authenticode(tm) signature +Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. +BSD licensed. + +ERROR! invalid_signed_file.exe digital signature is invalid! + + +You should be using Mono's certmgr (even on Windows) to install the +certificates (it's the only supported way). It's also possible that +you're missing something in your code. Have a look into chktrust +source code to see what could be the difference (and re-open the bug +if you don't get the same results on Windows). Thanks! 
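Review bot: in the first hunk (@@ -1,14 +1,14 @@), `Resolution: INVALID` closes the report in the same change whose comment says "It's also possible that you're missing something in your code" and asks for a re-open if Windows gives different results, so the cause is not yet established when the bug is resolved. Consider leaving the report open until the reporter has compared their code with chktrust. `OS: unknown` could also record Windows, since the comment itself refers to the reporter running on Windows.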
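Review bot: the comment added in the second hunk (@@ -84,6 +84,43 @@) shows chktrust rejecting invalid_signed_file.exe, but it leaves the reporter's actual question unanswered: whether AuthenticodeDeformatter.IsTrusted returning true for that file is intended behaviour, given the report notes there were no docs. Suggest saying explicitly whether IsTrusted is expected to return false here, and pointing to the specific check in the chktrust source that produces the "digital signature is invalid" result, rather than only "have a look into chktrust source code". The comment also asserts that certmgr is the only supported way to install certificates without saying how the reporter's installation method would lead to IsTrusted returning true, which is the link the reporter needs in order to reproduce the difference.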
