EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ServerCertificate Validation: Issuer is returned in Subject Property

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
#4169
Posted: 10/29/2007 10:51:07
by Thomas Moser (Basic support level)
Joined: 10/29/2007
Posts: 2

I use the TElIndySSLIOHandlerSocket component with Indy 9 and Delphi 6 on Windows XP SP2.

To Check the Server Certificate I've written my own Event Handler for ElIndySSLIOHandlerSocket.OnCertificateValidate:

procedure TMyClass.ElIndySSLIOHandlerSocketCertificateValidate(
Sender: TObject; Certificate: TElX509Certificate; var Validate: Boolean);

If I access Certificate.Subject.Organization I get the Organization of the Issuer instead of the Organization of the Subject.

I would like to get the Subject instead of the Issuer. Does anybody know a Solution to this problem?

I've attached an example of what I get from the Certificate Object
and the actual values (from IE, Firefox).


EXAMPLE
***************************************
Subject from Certificate Object:

Country=US
Organization=VeriSign, Inc.
OrganizationUnit=VeriSign Trust Network
OrganizationUnit=Terms of use at https://www.verisign.com/rpa ©05
CommonName=VeriSign Class 3 Secure Server CA

Issuer from Certificate Object:
Country=US
Organization=VeriSign, Inc.
OrganizationUnit=Class 3 Public Primary Certification Authority

***************************************
Actual Subject (from IE, Firefox):

CN = etb.auto-partner.net
OU = Webserver Team
O = Porsche Informatik GmbH
L = Bergheim
S = Salzburg
C = AT

Actual Issuer (from IE, Firefox)

CN = VeriSign Class 3 Secure Server CA
OU = Terms of use at https://www.verisign.com/rpa ©05
OU = VeriSign Trust Network
O = VeriSign, Inc.
C = US

#4171
Posted: 10/29/2007 11:01:44
by Ken Ivanov (EldoS Corp.)

It is likely that the server sends you a complete certificate chain (i.e., several certificates). Each of them invokes separate OnCertificateValidate call, so you actually read the Subject information for the topmost certificate in the chain.
#4172
Posted: 10/29/2007 11:36:01
by Eugene Mayevski (EldoS Corp.)

Please check the how-to's regarding how to work with certificate chains correctly.


Sincerely yours
Eugene Mayevski
#4179
Posted: 10/30/2007 10:32:09
by Thomas Moser (Basic support level)
Joined: 10/29/2007
Posts: 2

Thanks, that solved my Problem

Reply

Statistics

Topic viewed 1931 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!