EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ServerCertificate Validation: Issuer is returned in Subject Property

Posted: 10/29/2007 10:51:07
by Thomas Moser (Basic support level)
Joined: 10/29/2007
Posts: 2

I use the TElIndySSLIOHandlerSocket component with Indy 9 and Delphi 6 on Windows XP SP2.

To Check the Server Certificate I've written my own Event Handler for ElIndySSLIOHandlerSocket.OnCertificateValidate:

procedure TMyClass.ElIndySSLIOHandlerSocketCertificateValidate(
Sender: TObject; Certificate: TElX509Certificate; var Validate: Boolean);

If I access Certificate.Subject.Organization I get the Organization of the Issuer instead of the Organization of the Subject.

I would like to get the Subject instead of the Issuer. Does anybody know a Solution to this problem?

I've attached an example of what I get from the Certificate Object
and the actual values (from IE, Firefox).

Subject from Certificate Object:

Organization=VeriSign, Inc.
OrganizationUnit=VeriSign Trust Network
OrganizationUnit=Terms of use at https://www.verisign.com/rpa ©05
CommonName=VeriSign Class 3 Secure Server CA

Issuer from Certificate Object:
Organization=VeriSign, Inc.
OrganizationUnit=Class 3 Public Primary Certification Authority

Actual Subject (from IE, Firefox):

CN = etb.auto-partner.net
OU = Webserver Team
O = Porsche Informatik GmbH
L = Bergheim
S = Salzburg
C = AT

Actual Issuer (from IE, Firefox)

CN = VeriSign Class 3 Secure Server CA
OU = Terms of use at https://www.verisign.com/rpa ©05
OU = VeriSign Trust Network
O = VeriSign, Inc.
C = US

Posted: 10/29/2007 11:01:44
by Ken Ivanov (Team)

It is likely that the server sends you a complete certificate chain (i.e., several certificates). Each of them invokes separate OnCertificateValidate call, so you actually read the Subject information for the topmost certificate in the chain.
Posted: 10/29/2007 11:36:01
by Eugene Mayevski (Team)

Please check the how-to's regarding how to work with certificate chains correctly.

Sincerely yours
Eugene Mayevski
Posted: 10/30/2007 10:32:09
by Thomas Moser (Basic support level)
Joined: 10/29/2007
Posts: 2

Thanks, that solved my Problem



Topic viewed 2213 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!