RE: Problems authenticating server for SSLStream negotiation



Hi,

I can second that - why don't you simply use the cert store - that's what it is made for...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

"Lee Gillie" wrote:

On the server side I reconstitute the server certificate from the
registry, where I have it stored as a binary block of data. A utility
loads the PFX file, which includes the private key, then stores that
in the registry. Later, when the FTP server starts I load the binary
data, and use it to construct the Certificate, which is eventually
used to negotiate SSL. The PFX was built at the server by importing
our certificate, and then exporting to PFX, supplying the password,
choosing to include the private key, and to NOT delete the key after
export.

Is there any reason why you're not using the usual SSPI certificate
stores?

The description above just suggests that you may have a problem in
your export to PFX, or your import from PFX to the registry, or your
reading from the registry, or your conversion from a binary object to
an in-memory certificate.

If you install your PFX in the regular certificate stores, you can
test using any of a number of other implementations, such as my own
WFTPD Pro (http://www.wftpd.com), to see if your certificate works
there.  That would narrow it down to either a problem in your SSL
code, or in your import / export of the certificate.

Come to that, why are you writing a program that's already been
written by so many others?

Alun.
~~~~
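
An added example, not part of the original posts: a small C# check for the certificate-store route suggested in this thread. It assumes the PFX has been imported into the LocalMachine\My store and that the certificate's thumbprint is passed as the first command-line argument; the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ServerCertCheck
{
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth

    // Look the certificate up in LocalMachine\My instead of rebuilding it from a registry blob.
    static X509Certificate2 LoadFromStore(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false so an expired or untrusted certificate is still found and reported.
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count == 0)
                throw new InvalidOperationException("No certificate with that thumbprint in LocalMachine\\My.");
            return hits[0];
        }
        finally { store.Close(); }
    }

    // Report the conditions that most often make a server certificate unusable for SSL negotiation.
    static List<string> FindProblems(X509Certificate2 cert)
    {
        var problems = new List<string>();
        if (!cert.HasPrivateKey)
            problems.Add("No private key is associated with the certificate (lost on export or import).");
        DateTime now = DateTime.Now; // NotBefore/NotAfter are reported in local time
        if (now < cert.NotBefore || now > cert.NotAfter)
            problems.Add("Certificate is outside its validity period.");
        foreach (X509Extension ext in cert.Extensions)
        {
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            bool serverAuth = false;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == ServerAuthOid) serverAuth = true;
            if (!serverAuth)
                problems.Add("Enhanced Key Usage is present but does not include Server Authentication.");
        }
        return problems;
    }

    static int Main(string[] args)
    {
        X509Certificate2 cert = LoadFromStore(args[0]);
        List<string> problems = FindProblems(cert);
        foreach (string p in problems) Console.WriteLine("PROBLEM: " + p);
        if (problems.Count == 0) Console.WriteLine("OK: " + cert.Subject); // usable with SslStream.AuthenticateAsServer
        return problems.Count;
    }
}
```

If this reports no problems but negotiation still fails, the certificate itself is sound and the fault is more likely in the SSL code, which is the narrowing-down described above.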

