Changed by [EMAIL PROTECTED] http://bugzilla.ximian.com/show_bug.cgi?id=81450 --- shadow/81450 2007-04-25 11:04:01.000000000 -0400 +++ shadow/81450.tmp.15268 2007-04-25 12:02:00.000000000 -0400 @@ -1,13 +1,13 @@ Bug#: 81450 Product: Mono: Class Libraries Version: unspecified OS: unknown OS Details: -Status: RESOLVED -Resolution: INVALID +Status: REOPENED +Resolution: Severity: Unknown Priority: Normal Component: Mono.Security AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] QAContact: [EMAIL PROTECTED] 
@@ -121,6 +121,33 @@ You should be using Mono's certmgr (even on Windows) to install the certificates (it's the only supported way). It's also possible that you're missing something in your code. Have a look into chktrust source code to see what could be the difference (and re-open the bug if you don't get the same results on Windows). Thanks! + +------- Additional Comments From [EMAIL PROTECTED] 2007-04-25 12:02 ------- +Hi Sebastien, + +I installed the mono runtime (I only had the source here), and after +using the certmgr application to install the certificate, problem 1 +went away. I'm still not sure why there's a difference, but it +doesn't really matter. + +For Problem 2 however, it turns out that the origin of this issue is +located in the IsTrusted method. Apparently, this method +recalculates the 'Reason' integer, without taking the signature into +account. So when you load a file with an invalid signature, the +AuthenticodeDeformatter instance sets the Reason to 2 (= invalid +signature). However if you call IsTrusted, it still returns true, +and all subsequent calls to the Reason property return 0 instead of +2. +You're not seeing this issue with the chktrust tool, because it +doesn't use the IsTrusted property but rather it interprets the +Reason code directly. + +Is this the expected behavior? What exactly is the definition of the +IsTrusted method? Should it only check the certificates, or should +it also check the signature? If it should only check the +certificates, how can I know whether the signature was valid or not +(after calling IsTrusted)? +
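Review bot: In the @@ -121,6 +121,33 @@ hunk, the added comment reports that for a file with an invalid signature IsTrusted still returns true and Reason then reads 0 instead of 2, but it includes no reproduction; attaching the minimal calling code and a sample file would let the reset of Reason be confirmed. Until the definition of IsTrusted asked about in the comment is settled, callers can do what the comment says chktrust does and interpret the Reason code directly rather than rely on IsTrusted, since the report indicates the value 2 is no longer visible once IsTrusted has been called.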
