ServerCertificate Validation: Issuer is returned in Subject Property

Posted: 10/29/2007 10:51:07
I use the TElIndySSLIOHandlerSocket component with Indy 9 and Delphi 6 on Windows XP SP2.

To check the server certificate I've written my own event handler for ElIndySSLIOHandlerSocket.OnCertificateValidate:

procedure TMyClass.ElIndySSLIOHandlerSocketCertificateValidate(
Sender: TObject; Certificate: TElX509Certificate; var Validate: Boolean);

If I access Certificate.Subject.Organization I get the Organization of the Issuer instead of the Organization of the Subject.

I would like to get the Subject instead of the Issuer. Does anybody know a solution to this problem?

I've attached an example of what I get from the Certificate Object and the actual values (from IE, Firefox).

Subject from Certificate Object:

Organization=VeriSign, Inc.
OrganizationUnit=VeriSign Trust Network
OrganizationUnit=Terms of use at https://www.verisign.com/rpa ©05
CommonName=VeriSign Class 3 Secure Server CA

Issuer from Certificate Object:
Organization=VeriSign, Inc.
OrganizationUnit=Class 3 Public Primary Certification Authority

Actual Subject (from IE, Firefox):

CN = etb.auto-partner.net
OU = Webserver Team
O = Porsche Informatik GmbH
L = Bergheim
S = Salzburg
C = AT

Actual Issuer (from IE, Firefox):

CN = VeriSign Class 3 Secure Server CA
OU = Terms of use at https://www.verisign.com/rpa ©05
OU = VeriSign Trust Network
O = VeriSign, Inc.
C = US

by Ken Ivanov (Team)

It is likely that the server sends you a complete certificate chain (i.e., several certificates). Each of them invokes a separate OnCertificateValidate call, so you actually read the Subject information for the topmost certificate in the chain.

by Eugene Mayevski (Team)

Please check the how-to's regarding how to work with certificate chains correctly.

Thanks, that solved my problem.
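
The situation described in the replies, as an added example that is not part of the original thread and is not SecureBlackbox code: a handler that fires once per certificate sees the CA certificates too, so the subject check has to be applied to the end-entity certificate only. The dict-based certificates, `order_chain` and `ChainCollector` are hypothetical, and the sample chain is constructed from the names quoted in the question.

```python
# Constructed sample built from the names quoted in the question (shortened to
# CN/O/OU). Name chaining only orders the chain; it does not establish trust.
LEAF = {
    "subject": {"CN": "etb.auto-partner.net", "O": "Porsche Informatik GmbH"},
    "issuer": {"CN": "VeriSign Class 3 Secure Server CA", "O": "VeriSign, Inc."},
}
INTERMEDIATE = {
    "subject": {"CN": "VeriSign Class 3 Secure Server CA", "O": "VeriSign, Inc."},
    "issuer": {"OU": "Class 3 Public Primary Certification Authority",
               "O": "VeriSign, Inc."},
}


def name_key(name):
    """Hashable form of a distinguished name given as a dict."""
    return tuple(sorted(name.items()))


def order_chain(certs):
    """Return the certificates end-entity first by following issuer links."""
    issuers = {name_key(c["issuer"]) for c in certs
               if name_key(c["issuer"]) != name_key(c["subject"])}
    leaves = [c for c in certs if name_key(c["subject"]) not in issuers]
    if len(leaves) != 1:
        raise ValueError("expected exactly one end-entity certificate")
    by_subject = {name_key(c["subject"]): c for c in certs}
    chain, current = [], leaves[0]
    while current is not None and current not in chain:
        chain.append(current)
        current = by_subject.get(name_key(current["issuer"]))
    return chain


class ChainCollector:
    """Hypothetical stand-in for a handler that fires once per certificate."""

    def __init__(self):
        self.seen = []

    def on_certificate(self, cert):
        self.seen.append(cert)  # record only; decide once the chain is complete

    def peer_matches(self, expected_host):
        # Compare the host name against the end-entity subject, never a CA's.
        leaf = order_chain(self.seen)[0]
        return leaf["subject"].get("CN", "").lower() == expected_host.lower()
```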



