EldoS | Feel safer!

Invalid Certificate Data with Client Certificate

#28159
Posted: 01/28/2014 19:11:08
by GERALD MORRIS (Standard support level)
Joined: 11/08/2010
Posts: 27

HTTPClientCertificateValidate fails with Invalid Certificate data message.
Here is my code.

Code
procedure Tfrmequifax.HTTPClientCertificateValidate(Sender: TObject;
  X509Certificate: TElX509Certificate; var Validate: Boolean);
var
  Validity : TSBCertificateValidity;
  Reason: TSBCertificateValidityReason;
  vfilename,vpassword:string;
begin
  if (X509Certificate.Chain = nil) or X509Certificate.Chain.Certificates[0].Equals(X509Certificate) then
  begin
    vfilename:=extractfilepath(application.ExeName) + 'test.pfx';
    vpassword:='test';
    if X509Certificate=nil then X509Certificate:=TElX509Certificate.Create(self);
    X509Certificate.LoadFromFileAuto(vfilename,vpassword);
    CertificateValidator.ValidateForSSL(X509Certificate, HTTPClient.RemoteHost, HTTPClient.RemoteIP, hrServer, nil, true, false, Now, Validity, Reason);
    Validate := Validity = cvOk;
  end
  else
    Validate := true;
end;
#28161
Posted: 01/29/2014 00:43:51
by Eugene Mayevski (EldoS Corp.)

Can you please explain what you intend to do (i.e. what this validation attempt was done for)? So far your code doesn't make much sense in this context. If you don't want to validate the server's certificate, then just set Validate to true (always). If you want to validate your certificate for whatever reason, then OnCertificateValidate is not the right place to do this.

On a side note, please use the CODE button to mark the beginning and the end of the code block in your messages.


Sincerely yours
Eugene Mayevski
#28162
Posted: 01/29/2014 01:23:32
by Roy Youssef  (Basic support level)
Joined: 09/13/2013
Posts: 1

If you want to validate your certificate for whatever reason, then OnCertificateValidate is not the right place to do this??????

Where is the right place to do it?
#28163
Posted: 01/29/2014 01:39:55
by Eugene Mayevski (EldoS Corp.)

OnCertificateValidate is used to validate the certificate(s) received from the server.

Quote
Roy Youssef wrote:
where is the right place to do it?


Wherever. Just do it right (and the code above is not right as it makes no sense).


Sincerely yours
Eugene Mayevski
#28174
Posted: 01/29/2014 12:19:41
by GERALD MORRIS (Standard support level)
Joined: 11/08/2010
Posts: 27

I have a client certificate that is required by the server.
I do not need to validate the server cert, but I have to present a client cert to the server when I connect.
#28175
Posted: 01/29/2014 12:23:30
by Vsevolod Ievgiienko (EldoS Corp.)

Then just add this certificate to an instance of TElMemoryCertStorage and assign this storage to the ClientCertStorage property of the SSL-enabled component you are using.
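The setup described in this reply, as an added example that is not part of the original posts or EldoS's own sample code: the client certificate goes into a TElMemoryCertStorage before connecting, and the validation handler only ever inspects the certificate the server sent. The method name SetupClientCertificate is hypothetical; the file name, password and component names are taken from the code earlier in the thread, and LoadFromFileAuto returning 0 on success and the storage keeping its own copy of the certificate are assumptions about the SecureBlackbox Delphi API.

```pascal
// Added example. SetupClientCertificate is a hypothetical method name;
// call it once before the first request (for instance from FormCreate).
procedure Tfrmequifax.SetupClientCertificate;
var
  Cert: TElX509Certificate;
  Storage: TElMemoryCertStorage;
  Res: Integer;
begin
  Cert := TElX509Certificate.Create(nil);
  try
    // File name and password are the ones used in the thread's code.
    Res := Cert.LoadFromFileAuto(ExtractFilePath(Application.ExeName) + 'test.pfx', 'test');
    // Without the private key the client cannot sign the TLS handshake,
    // so fail here instead of during the connection.
    if (Res <> 0) or not Cert.PrivateKeyExists then
      raise Exception.CreateFmt('Client certificate not usable (load result %d)', [Res]);
    Storage := TElMemoryCertStorage.Create(Self); // owned and freed by the form
    Storage.Add(Cert, True);                      // True = copy the private key as well
    HTTPClient.ClientCertStorage := Storage;
  finally
    Cert.Free; // assumption: the storage holds its own copy
  end;
end;

procedure Tfrmequifax.HTTPClientCertificateValidate(Sender: TObject;
  X509Certificate: TElX509Certificate; var Validate: Boolean);
var
  Validity: TSBCertificateValidity;
  Reason: TSBCertificateValidityReason;
begin
  // X509Certificate is the certificate received from the SERVER.
  // Loading a local PFX into it, as in the first post, replaces the
  // object under validation and is what this handler must not do.
  if (X509Certificate.Chain = nil) or
     X509Certificate.Chain.Certificates[0].Equals(X509Certificate) then
  begin
    // Same validator call as in the first post, now applied to the server's certificate.
    CertificateValidator.ValidateForSSL(X509Certificate, HTTPClient.RemoteHost,
      HTTPClient.RemoteIP, hrServer, nil, True, False, Now, Validity, Reason);
    Validate := Validity = cvOk;
  end
  else
    Validate := True;
end;
```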
#28176
Posted: 01/29/2014 12:59:04
by GERALD MORRIS (Standard support level)
Joined: 11/08/2010
Posts: 27

Thank you. That worked!
