Re: SslStream causes spurious http connection attempts



If my memory serves me right, the behavior might be expected.

First, validation of the certificate may require the download of certificates of the parent authorities.

Second, as was correctly mentioned, validating the cert includes checking its revocation list. And I would really *not* recommend dropping this check, since without it you will still be able to connect, say, to a phishing site after its certificate was revoked by the issuing authority.

It's a question, though, why the verification takes that long. Although delays like that might rarely be expected, they should not be common. I would suspect there is something wrong either with the network or with the cert you provide, but honestly I have no really deep thoughts on that.

Thanks,
Eugene V. Bobukh

"davidkclark" <davidkclark@xxxxxxxxx> wrote in message news:1175028384.691266.265100@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Mar 27, 4:06 pm, "Henning Krause [MVP - Exchange]"
<newsgroups_rem...@xxxxxxxxxxxxxxxxx> wrote:
I would guess that the SslStream is checking the revocation status of the
remote certificate.


That is what I thought too. This is what I am doing currently:

TcpClient client = new TcpClient("127.0.0.1", 50051);
SslStream ssl = new SslStream(client.GetStream(), false,
    new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
ssl.AuthenticateAsClient("", null,
    System.Security.Authentication.SslProtocols.Ssl3, false);

My ValidateServerCertificate does simply: return true;

So it really should not be checking the revocation list... (I guess
that it is possible that it is the SSL server doing the check...)

Thanks for your help
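
An added example, not code from either poster in this thread: a client that keeps revocation checking on, fails closed in the validation callback instead of returning true, and reports the handshake time and each chain status so that slow or failed revocation lookups can be diagnosed. The host name server.example, the class name and the use of SslProtocols.Tls12 are assumptions; port 50051 is taken from the post above.

```csharp
using System;
using System.Diagnostics;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class RevocationAwareClient   // hypothetical name
{
    // Accept only when the platform reports no policy errors. Otherwise print
    // every chain status, flagging the ones that mean revocation data could
    // not be retrieved, and reject the connection.
    static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        Console.Error.WriteLine("Policy errors: " + sslPolicyErrors);
        if (chain != null)
        {
            foreach (X509ChainStatus s in chain.ChainStatus)
            {
                bool unreachable =
                    s.Status == X509ChainStatusFlags.RevocationStatusUnknown ||
                    s.Status == X509ChainStatusFlags.OfflineRevocation;
                Console.Error.WriteLine("  {0}{1}: {2}", s.Status,
                    unreachable ? " (revocation data not retrieved)" : "",
                    s.StatusInformation.Trim());
            }
        }
        return false; // fail closed
    }

    static void Main()
    {
        const string host = "server.example"; // assumption: must match the server certificate
        using (TcpClient client = new TcpClient(host, 50051))
        using (SslStream ssl = new SslStream(client.GetStream(), false,
            new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
        {
            Stopwatch timer = Stopwatch.StartNew();
            // Last argument: checkCertificateRevocation = true.
            ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, true);
            Console.WriteLine("Handshake and validation took {0} ms",
                timer.ElapsedMilliseconds);
        }
    }
}
```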
