https://bugzilla.novell.com/show_bug.cgi?id=635646
https://bugzilla.novell.com/show_bug.cgi?id=635646#c0 Summary: Gmail pop ssl certificate is rejected Classification: Mono Product: Mono: Class Libraries Version: 2.6.x Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Mono.Security AssignedTo: [email protected] ReportedBy: [email protected] QAContact: [email protected] CC: [email protected] Depends on: 545015 Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #545015 +++ Created an attachment (id=321507) --> (http://bugzilla.novell.com/attachment.cgi?id=321507) tries to connect to pop.gmail.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12 The Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.checkCertificateUsage function rejects the SSL cert used by pop.gmail.com as being unworthy of a server cert. I'm not an expert in X509 standards, but multiple independent TLS implementations are willing to accept this certificate as valid for a server, so it seems mono is wrong here. This bug is marked fixed, but still appears to occur in 2.6.7. -------------------------------------------- $ certmgr -ssl https://pop.gmail.com:995 Mono Certificate Manager - version 2.6.7.0 Manage X.509 certificates and CRL from stores. Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed. X.509 Certificate v3 Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority Issued to: C=US, O=Google Inc, CN=Google Internet Authority Valid from: 6/8/2009 3:43:27 PM Valid until: 6/7/2013 2:43:27 PM *** WARNING: Certificate signature is INVALID *** This certificate is already in the CA store. X.509 Certificate v3 Issued from: C=US, O=Google Inc, CN=Google Internet Authority Issued to: C=US, S=California, L=Mountain View, O=Google Inc, CN=pop.gmail.com Valid from: 4/22/2010 3:11:23 PM Valid until: 4/22/2011 3:21:23 PM This certificate is already in the AddressBook store. No certificate were added to the stores. -------------------------------------------- In also occurs using https://sdb.amazonaws.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
