[twsocket] SSL Certificates check

2011-05-09 Thread marius gabi
I have updated the SslHandshakeDone(Sender: TObject; ErrCode: Word; PeerCert: TX509Base; var Disconnect: Boolean); event as you mentioned and I used SslVerifyDepth = 15 and for I := 0 to TCustomSslWSocket(Sender).SslCertChain.Count -1 do

[twsocket] SSL Certificates check

2011-05-09 Thread marius gabi
Attached cert file

Re: [twsocket] SSL Certificates check

2011-05-09 Thread Arno Garrels
marius gabi wrote: I have updated the SslHandshakeDone(Sender: TObject; ErrCode: Word; PeerCert: TX509Base; var Disconnect: Boolean); event as you mentioned and I used SslVerifyDepth = 15 and for I := 0 to TCustomSslWSocket(Sender).SslCertChain.Count -1 do

[twsocket] SSL Certificates check

2011-05-09 Thread marius gabi
Here are the files with OK := 1; cert0 = Greatest CA (same as server's great CA); cert1 = Intermediary CA (client's intermediary, different from my server's); cert2 = Client certificate

Re: [twsocket] SSL Certificates check

2011-05-09 Thread Arno Garrels
marius gabi wrote: Here are the files with OK := 1; cert0 = Greatest CA (same as server's great CA); cert1 = Intermediary CA (client's intermediary, different from my server's); cert2 = Client certificate. Use at least OpenSSL version 0.9.8k from:

Re: [twsocket] SSL Certificates check

2011-05-09 Thread Arno Garrels
marius gabi wrote: Thank you for your time! Indeed updating the OpenSSL version fixed my issue but the following strange thing happens: currently I am using ICS V7 but the highest version supported by my ICS is 0.9.8n and in this case the application still would not work OK. What does that

[twsocket] SSL Certificates check

2011-05-04 Thread marius gabi
Thank you for your feedback. In my current scenario the certificate structure is as follows:
Server (my application) | Client
Root certificate -same as- Root certificate
Intermediary CA -not same as- Intermediary CA
Server Cert

Re: [twsocket] SSL Certificates check

2011-05-04 Thread Arno Garrels
marius gabi wrote: Thank you for your feedback. In my current scenario the certificate structure is as follows:
Server (my application) | Client
Root certificate -same as- Root certificate
Intermediary CA -not same as- Intermediary CA
Server Cert -not same as- Client Cert (With

[twsocket] SSL Certificates check

2011-05-04 Thread marius gabi
Thank you for your prompt response. We already tried your solution and it seems to be working. The issue is as follows: I do not have (access to) the client's certificate (application not developed by me) in order to compose the chains you mentioned. Furthermore I expect that other clients that

Re: [twsocket] SSL Certificates check

2011-05-04 Thread Arno Garrels
marius gabi wrote: Thank you for your prompt response. We already tried your solution and it seems to be working. The issue is as follows: I do not have (access to) the client's certificate (application not developed by me) in order to compose the chains you mentioned. You do not need client's

Re: [twsocket] SSL Certificates check

2011-05-04 Thread Arno Garrels
Arno Garrels wrote: Usually all CA certificates issued by a root CA are available for download as well. Correction: That is mostly true if they have been issued to their own organization. In your case the URL is http://sumo.irisa.fr/html/pki/ but their server currently fails with error

[twsocket] SSL Certificates check

2011-05-04 Thread marius gabi
Arno, at this moment the client sends the entire certificate chain: 1. its client certificate issued by the intermediary CA (2 from below) 2. intermediary certificate issued by the root CA 3. root CA. The only certificate that is common between our server chain and client chain is (3) root CA.

Re: [twsocket] SSL Certificates check

2011-05-04 Thread Arno Garrels
marius gabi wrote: Arno, at this moment the client sends the entire certificate chain: 1. its client certificate issued by the intermediary CA (2 from below) 2. intermediary certificate issued by the root CA 3. root CA. OK. The only certificate that is common between our server chain

Re: [twsocket] SSL Certificates check

2011-05-03 Thread Arno Garrels
Algorithm*. Since there's a certificate signature failure it is my guess that an unsupported algorithm is used. -- Arno Garrels --- On Mon, 5/2/11, Arno Garrels arno.garr...@gmx.de wrote: From: Arno Garrels arno.garr...@gmx.de Subject: Re: [twsocket] SSL Certificates check To: ICS support

[twsocket] SSL Certificates check

2011-05-03 Thread marius gabi
Sorry! Please find attached the log content for Cert.GetRawText.
Certificate: Data: Version: 3 (0x2) Serial Number: cb:cf:5d:05:41:b2:33:36 Signature Algorithm: sha256WithRSAEncryption Issuer: C=FR, L=Rennes, ST=Brittany, O=IHE, OU=IHE, CN=Poiseau

Re: [twsocket] SSL Certificates check

2011-05-03 Thread Arno Garrels
marius gabi wrote: The certificate you posted in your previous messages doesn't use unsupported signature algorithms as I was guessing previously. Since its verify depth is 2 and it seems to be the root certificate, I think the complete chain of the client certificate consists of three

Re: [twsocket] SSL Certificates check

2011-05-03 Thread Arno Garrels
Arno Garrels wrote: Next create a CAFile that contains both [1] and [2] (I think [1] has to be the first, however I always forget the order in which they must appear, just play). The best way to determine what certificates are sent to the peer requesting certificate verification is to add them

[twsocket] SSL Certificates check

2011-05-02 Thread marius gabi
Currently I'm facing an issue in a Server application that uses TSSLWSocketServer. I'm setting to the SSLContext a server certificate identified in code as SSLContext.SslCertFile, with the correct private key file identified as SSLContext.SslPrivKeyFile and a password. Also I'm adding a CAFile

Re: [twsocket] SSL Certificates check

2011-05-02 Thread Arno Garrels
marius gabi wrote: I'm receiving the following message in the SSLVerifyPeer event: Error = 7 (certificate signature failure). In the OnSslVerifyPeer event please do the following logging and post the result: Log('Received certificate'#13#10 + 'Subject: ' +

Re: [twsocket] SSL Certificates check

2011-05-02 Thread Arno Garrels
Arno Garrels wrote: marius gabi wrote: I'm receiving the following message in the SSLVerifyPeer event: Error = 7 (certificate signature failure). In the OnSslVerifyPeer event please do the following logging and post the result: Log('Received certificate'#13#10 + 'Subject:

[twsocket] SSL Certificates check

2011-05-02 Thread marius gabi
failure Verify depth: 2 Currently I'm not setting a specific value for the SslVerifyDepth. Regarding the OpenSSL DLL version I tried with 0.9.8e and 0.9.8h. --- On Mon, 5/2/11, Arno Garrels arno.garr...@gmx.de wrote: From: Arno Garrels arno.garr...@gmx.de Subject: Re: [twsocket] SSL Certificates