Re: How to verify CA for a X.509 certificate

From: Bas van Atteveldt (newsgroup_at_2at.nl)
Date: 06/12/04


Date: Sat, 12 Jun 2004 12:25:12 +0200

It helps a little. I had already found that article but it is an awfull lot
of work using almost exclusively unmanaged calls. More importantly, if I
read it correctly, it only checks if the issuer name exists in a store; this
is not secure as the issuer name can be forged quite easily. It should check
if the public key of the issuer (or the issuer's issuer, etc.) is in the
store. I believe that code like this can also be done managed using the WSE
(web services enhancements) from microsoft.

Bas.

"Michel Gallant" <neutron@istar.ca> wrote in message
news:%232tdtP%23TEHA.3404@TK2MSFTNGP10.phx.gbl...
> Note sure is this helps:
> http://www.jensign.com/JavaScience/dotnet/VerifyCertSigner
> - Mitch Gallant
> MVP Security
>
...



Relevant Pages

  • Re: How to verify CA for a X.509 certificate
    ... The article DOES check if the public key is in the store, ... to use it to explicitly verify the signature on the cert. ... root CA certs;-) then you should be golden. ... > is not secure as the issuer name can be forged quite easily. ...
    (microsoft.public.dotnet.security)
  • Re: atomic-free spsc-lifo-stack
    ... to/from the same location and issuer) can overtake that store and that ... that store can not overtake preceding stores and loads. ...
    (comp.programming.threads)