EldoS | Feel safer!

Validating certificate during SSL connection

#19656
Posted: 04/03/2012 05:08:33
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Hello everyone,

Am I missing something obvious or is the process of validating a certificate during SSL connection incredibly difficult?

Unless I miss something, there is no method (that I could find) for validating the whole chain sent by the remote host: all there is is the OnValidate event handler that gets called by TElSSLClient during the negotiation (which, in turn, makes it extremely hard to keep your context around since that instance is completely controlled by the library: you don't get to add your own data pointer to it).

This means that we either have to implement our own (add a context-aware retention system for all the certificates in the chain and then add an extra validation in the OnSSLEstablished event handler) or require that ALL certificates except for the leaf be known in advance (installed in the local store, for instance).

What am I missing here?

Thanks
#19657
Posted: 04/03/2012 05:12:49
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

We have TElX509CertificateValidator that you can use to validate a full chain. Please refer to this article for details: http://www.eldos.com/security/articles/7545.php
#19658
Posted: 04/03/2012 05:33:26
by Eugene Mayevski (EldoS Corp.)

HTTP client and FTP client samples (as well as SimpleSSLClient sample) use TElX509CertificateValidator in the event handler.


Sincerely yours
Eugene Mayevski
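To make the two replies concrete, here is an added illustration (not code from this thread nor from the SecureBlackbox samples it mentions) of delegating full-chain validation to TElX509CertificateValidator from the SSL client's certificate-validation event instead of reimplementing chain handling in OnSSLEstablished. The unit names, the OnCertificateValidate event signature, the AddTrustedCertificates method, the ValidateForSSL parameter order and the cvOk / hrServer values are assumptions based on the SecureBlackbox Delphi API and should be checked against the installed version's documentation.

```delphi
uses
  SBX509, SBCustomCertStorage, SBCertValidator, SBSSLClient; // assumed unit names

type
  TSecureConn = class
  private
    FClient: TElSSLClient;
    FValidator: TElX509CertificateValidator;
    FTrusted: TElMemoryCertStorage;   // roots the application has chosen to trust
    FHost: string;                    // expected server name, kept as our own context
    procedure HandleCertificateValidate(Sender: TObject;
      X509Certificate: TElX509Certificate; var Validate: Boolean);
  public
    constructor Create(const AHost: string);
    destructor Destroy; override;
  end;

constructor TSecureConn.Create(const AHost: string);
begin
  inherited Create;
  FHost := AHost;
  FTrusted := TElMemoryCertStorage.Create(nil);
  { Load the organisation's trusted root certificates into FTrusted here. }
  FValidator := TElX509CertificateValidator.Create(nil);
  FValidator.AddTrustedCertificates(FTrusted);            // assumed method name
  FClient := TElSSLClient.Create(nil);
  FClient.OnCertificateValidate := HandleCertificateValidate; // assumed event name
end;

destructor TSecureConn.Destroy;
begin
  FClient.Free; FValidator.Free; FTrusted.Free;
  inherited;
end;

procedure TSecureConn.HandleCertificateValidate(Sender: TObject;
  X509Certificate: TElX509Certificate; var Validate: Boolean);
var
  Validity: TSBCertificateValidity;
  Reason: TSBCertificateValidityReason;
begin
  { The validator walks the chain presented by the server, checks signatures,
    validity periods and CA constraints against FTrusted, and matches the
    leaf against FHost. Parameter order below is an assumption. }
  FValidator.ValidateForSSL(X509Certificate, FHost, '', hrServer, nil, True,
    Validity, Reason);
  { Accept only a fully validated chain; Reason (a set of vr* flags) is what
    to log when Validate is False, so operators can see why it was rejected. }
  Validate := (Validity = cvOk);
end;
```

Because the handler is a method of TSecureConn, the expected host name and trusted roots travel with the object, which addresses the "no data pointer" concern raised in the question.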
