EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validating certificate during SSL connection

Posted: 04/03/2012 05:08:33
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 174

Hello everyone,

Am I missing something obvious or is the process of validating a certificate during SSL connection incredibly difficult ?

Unless I miss something, there is no method (that I could find) for validating the whole chain sent by the remote host: all there is is the OnValidate event handler that gets called by TElSSLClient during the negotiation (which, in turn, makes it extremely hard to keep your context around since that instance is completely controlled by the library: you don't get to add your own data pointer to it).

This means that we either have to implement our own (add a context-aware retention system for all the certificates in the chain and then add an extra validation in the OnSSLEstablished event handler) or require that ALL certificates except for the leaf be known in advance (installed in the local store, for instance).

What am I missing here ?

Posted: 04/03/2012 05:12:49
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

We have TElX509CertificateValidator that you can use to validate a full chain. Please refer to this article for details: http://www.eldos.com/security/articles/7545.php
Posted: 04/03/2012 05:33:26
by Eugene Mayevski (Team)

HTTP client and FTP client samples (as well as SimpleSSLClient sample) use TElX509CertificateValidator in the event handler.

Sincerely yours
Eugene Mayevski



Topic viewed 662 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!