EldoS | Feel safer!

[FTPS] - Server Certificate

#2389
Posted: 02/27/2007 07:47:18
by frederic dominique (Basic support level)
Joined: 02/21/2007
Posts: 17

Hello,
I don't really understand the "Client_OnCertificateValidate" method in the sample.

For me, the FTP client has a certificate file of the server and compares it with the certificate file received from the server, no? If it's the same, it's OK.

Where can I find some more explanation on this?

thx
#2390
Posted: 02/27/2007 08:35:27
by Eugene Mayevski (EldoS Corp.)

Quote
frederic dominique wrote:
For me, the FTP client has a certificate file of the server and compares it with the certificate file received from the server, no? If it's the same, it's OK.

Where can I find some more explanation on this?


This is not that easy. You need to check whether the certificate belongs to that server (using server name), then you need to check whether the certificate has been revoked, also check certificate validity (the certificate is valid only for certain period of time).

You will find detailed information in SecureBlackbox knowledgebase on the site.


Sincerely yours
Eugene Mayevski
#2391
Posted: 02/27/2007 09:00:35
by frederic dominique (Basic support level)
Joined: 02/21/2007
Posts: 17

:-(
no native method for validation between two certificates
#2392
Posted: 02/27/2007 09:20:27
by Eugene Mayevski (EldoS Corp.)

Certificates are not validated by comparing them.


Sincerely yours
Eugene Mayevski
#2393
Posted: 02/27/2007 09:53:02
by frederic dominique (Basic support level)
Joined: 02/21/2007
Posts: 17

I don't understand the goal of validating a certificate sent by an FTP server if I don't compare some valid information with a certificate sent by the admin of this server.
Another question: I don't understand your code in the sample

[code]
If ((Validity Or (SBX509.TSBCertificateValidity.cvOk Or SBX509.TSBCertificateValidity.cvSelfSigned)) = 0) Then
    Validity = ElMemoryCertStorage.Validate(Cert, Reason, DateTime.Now)
    If ((Validity Or (SBX509.TSBCertificateValidity.cvOk Or SBX509.TSBCertificateValidity.cvSelfSigned)) = 0) Then
[/code]

because when I put an expired certificate on my FTPS server, the result is that the certificate is OK?

#2394
Posted: 02/27/2007 10:09:46
by Eugene Mayevski (EldoS Corp.)

Quote
frederic dominique wrote:
I don't understand the goal of validating a certificate sent by an FTP server if I don't compare some valid information with a certificate sent by the admin of this server.


You need to compare the name of the server you connect to with the name, written in the certificate.

Quote
frederic dominique wrote:
I don't understand your code in the sample


I don't understand the question, sorry. Where are you putting the expired certificate?


Sincerely yours
Eugene Mayevski
#2395
Posted: 02/27/2007 10:22:21
by frederic dominique (Basic support level)
Joined: 02/21/2007
Posts: 17

OK for the first part.

I put an expired certificate on the server; it's sent to your sample, and it's the same one that is loaded at the connection.

#2396
Posted: 02/27/2007 10:32:26
by Eugene Mayevski (EldoS Corp.)

Do I understand right that
Validity = ElMemoryCertStorage.Validate(Cert, Reason, DateTime.Now)

returns cvOk?

Is the [expired] certificate self-signed? If the certificate is self-signed, ElMemoryCertStorage.Validate will return cvSelfSigned no matter what the validity period is (this is a bug which will be fixed).


Sincerely yours
Eugene Mayevski
#2397
Posted: 02/27/2007 10:39:58
by frederic dominique (Basic support level)
Joined: 02/21/2007
Posts: 17

For Validity = ElMemoryCertStorage.Validate(Cert, Reason, DateTime.Now)
Reason = 8
Validity = cvSelfSigned
but to execute this, I step over the condition

It's a self-signed certificate.
#2398
Posted: 02/27/2007 11:18:05
by Eugene Mayevski (EldoS Corp.)

Yes, this is the mentioned problem ... The result of date checking gets overridden. We will fix this in the next build.


Sincerely yours
Eugene Mayevski
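
The checks discussed in this thread (server name, validity period, self-signed status), as an added Python example that is not part of the original posts and is not SecureBlackbox code: each finding is its own bit, so an expired self-signed certificate reports both conditions instead of one overriding the other. The flag names, function names and the sample certificate are assumptions for illustration; the self-signed test is a subject-equals-issuer heuristic, and revocation and signature-chain checks are left out.

```python
import ssl
from datetime import datetime, timezone

# Independent bits (names are illustrative): one finding can never hide another.
OK, SELF_SIGNED, EXPIRED, NOT_YET_VALID, NAME_MISMATCH = 0, 1, 2, 4, 8

def _names(cert):
    """DNS names from subjectAltName, falling back to the subject commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def _matches(pattern, host):
    """Exact match, or a single left-most '*' label (simplified wildcard rule)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def check_cert(cert, host, now):
    """Return a bitmask of findings; every check runs regardless of the others."""
    flags = OK
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        flags |= NOT_YET_VALID
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        flags |= EXPIRED
    if cert.get("subject") == cert.get("issuer"):  # heuristic, no signature check
        flags |= SELF_SIGNED
    if not any(_matches(n, host) for n in _names(cert)):
        flags |= NAME_MISMATCH
    return flags

def acceptable(flags, allow_self_signed=False):
    """Accept only if nothing remains after masking out tolerated findings."""
    tolerated = SELF_SIGNED if allow_self_signed else OK
    return (flags & ~tolerated) == 0

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
NAME = ((("commonName", "ftp.example.com"),),)
SAMPLE = {"subject": NAME, "issuer": NAME,
          "notBefore": "Jan 10 00:00:00 2006 GMT",
          "notAfter": "Jan 10 00:00:00 2007 GMT",
          "subjectAltName": (("DNS", "ftp.example.com"),)}

if __name__ == "__main__":
    now = datetime(2007, 2, 27, tzinfo=timezone.utc)  # after notAfter
    found = check_cert(SAMPLE, "ftp.example.com", now)
    print(found, acceptable(found, allow_self_signed=True))
```

The acceptance test masks with And; a test of the form `(value Or mask) = 0` can only be true when both the value and the mask are zero.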


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.