EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to correctly validate Dropbox SSL certificate.

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
Posted: 05/05/2015 20:15:27
by Alan Reinhold (Priority Standard support level)
Joined: 10/15/2014
Posts: 12

I'm attempting to correctly validate the SSL certificate that is encountered while using the the DropboxDataStorage object. The example code has the OnCertificateValidation callback just returning true for all certificates. For obvious reasons, this is not acceptable. So I have attempted to use the code described in the "Certificate validation" section of this article (https://www.eldos.com/sbb/articles/8091.php), which seems to work for most https sites (except https://www.google.com, but that is a different issue). However, this fails with Dropbox's "https://api.drobox.com" certificate, with a reason code of "512". Now, this might be because the certificate is an "any domain" certificate (*.dropbox.com), but I'm not entirely sure.

Do you have any working code that can correctly show how to validate the Dropbox API's SSL certificate for use with the client?

SecureBlackbox version: 12.0.263.

I can provide some sample code if it is needed.
Posted: 05/06/2015 01:12:23
by Eugene Mayevski (Team)

I’ve noticed there is no license ticket linked to your user account on EldoS site. Support is provided to customers with the linked license tickets. You will find your license ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase.

If you are evaluating the product and don't have a license yet, please let us know and then you can have support according to Basic support level. Basic support level includes answering basic technical questions that appear during product evaluation period.

Sincerely yours
Eugene Mayevski
Posted: 05/06/2015 14:48:13
by Alan Reinhold (Priority Standard support level)
Joined: 10/15/2014
Posts: 12

I have updated my account with the license ticket.
Posted: 05/06/2015 15:19:16
by Eugene Mayevski (Team)

Thank you for linking the ticket. Indeed it looks like the wildcard CN is not matched correctly to the domain name. It's possible, though, that the issue have been fixed after build 263 (we did make some RDN-related improvements in build 265 which could affect the behavior).

So to answer your question - most likely your code is valid and the problem is in the library code. We will check this and let you know the outcome.

In general the use of TElX509CertificateValidator is shown in many samples (you can do the search for "TElX509CertificateValidator" in SecureBlackbox\Samples folder) and it's quite straightforward.

I have created a new support ticket in HelpDesk ( https://www.eldos.com/helpdesk/ ) based on your initial report. Our developers will respond tot he HelpDesk once the issue is checked. You will also get e-mail notifications about updates related to your support ticket.

Sincerely yours
Eugene Mayevski
Posted: 05/06/2015 15:22:15
by Alan Reinhold (Priority Standard support level)
Joined: 10/15/2014
Posts: 12

Thank you. I did find a sample of the validator in the HTML sample code, and this is what I am working from at the moment. I will direct any further information and details with the help ticket at this point in time.

Alan Reinhold
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.



Topic viewed 1025 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!