Anonymous_User Absent Member.

SSL - LdapConnection UserDefinedServerCertValidationDelegate


Where are the certificateError integer codes documented?

When I register my own UserDefinedServerCertValidationDelegate on an
LdapConnection, my delegate gets called with an integer array containing
-2146762481 and -2146762486.

According to this blog post
<http://lists.ximian.com/pipermail/mono-bugs/2004-August/019653.html>

-2146762481 means that the certificate's DN doesn't match the server
name.
-2146762487 means that the root certificate isn't trusted.

What does -2146762486 mean? And where are all these codes documented?

Thank you in advance.
- Dan


--
danielnapierski
------------------------------------------------------------------------
danielnapierski's Profile: http://forums.novell.com/member.php?userid=63370
View this thread: http://forums.novell.com/showthread.php?t=389114


Re: SSL - LdapConnection UserDefinedServerCertValidationDelegate


danielnapierski;1870883 Wrote:
> Where are the certificateError integer codes documented?
>
> When I register my own UserDefinedServerCertValidationDelegate on an
> LdapConnection, my delegate gets called with an integer array containing
> -2146762481 and -2146762486.
>
> According to this blog post
> <http://lists.ximian.com/pipermail/mono-bugs/2004-August/019653.html>
>
> -2146762481 means that the certificate's DN doesn't match the server
> name.
> -2146762487 means that the root certificate isn't trusted.
>
> What does -2146762486 mean? And where are all these codes documented?
>
> Thank you in advance.
> - Dan


-2146762486 means the Chaining error.

The following is the list of errors (of course in hex)

CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112


Hope this helps..


--
-WITH REGARDS,-
*-Palaniappan N-* 🙂
------------------------------------------------------------------------
palaniappan1's Profile: http://forums.novell.com/member.php?userid=12325
View this thread: http://forums.novell.com/showthread.php?t=389114


Re: SSL - LdapConnection UserDefinedServerCertValidationDelegate


Thank you. This is very helpful.

Is this the complete list? Are there docs (on a mono dev site perhaps)
that describe these different errors?

Thanks again,
Dan


palaniappan1;1872724 Wrote:
> -2146762486 means the Chaining error.
>
> The following is the list of errors (of course in hex)
>
> CertEXPIRED = 0x800B0101,
> CertVALIDITYPERIODNESTING = 0x800B0102,
> CertROLE = 0x800B0103,
> CertPATHLENCONST = 0x800B0104,
> CertCRITICAL = 0x800B0105,
> CertPURPOSE = 0x800B0106,
> CertISSUERCHAINING = 0x800B0107,
> CertMALFORMED = 0x800B0108,
> CertUNTRUSTEDROOT = 0x800B0109,
> CertCHAINING = 0x800B010A,
> CertREVOKED = 0x800B010C,
> CertUNTRUSTEDTESTROOT = 0x800B010D,
> CertREVOCATION_FAILURE = 0x800B010E,
> CertCN_NO_MATCH = 0x800B010F,
> CertWRONG_USAGE = 0x800B0110,
> CertUNTRUSTEDCA = 0x800B0112
>
>
> Hope this helps..



--
danielnapierski
------------------------------------------------------------------------
danielnapierski's Profile: http://forums.novell.com/member.php?userid=63370
View this thread: http://forums.novell.com/showthread.php?t=389114


Re: SSL - LdapConnection UserDefinedServerCertValidationDelegate


I don't think a proper doc is there. I'll try to add that. Anyway, the
source code is available at developer.novell.com (under the 'Ldap
Libraries for Csharp').


--
-WITH REGARDS,-
*-Palaniappan N-* 🙂
------------------------------------------------------------------------
palaniappan1's Profile: http://forums.novell.com/member.php?userid=12325
View this thread: http://forums.novell.com/showthread.php?t=389114


Re: SSL - LdapConnection UserDefinedServerCertValidationDelegate


palaniappan1;1874942 Wrote:
> I don't think a proper doc is there. I'll try to add that. Anyway, the
> source code is available at developer.novell.com (under the 'Ldap
> Libraries for Csharp').




All of the HEX codes provided are positive values. Yet all of the
integers I've seen passed into the
UserDefinedServerCertValidationDelegate are negative. I believe this is
because of an overflow when casting a uint (or long?) to an int.

This means that any developers that implement their own handlers have
to depend on a cast overflow, which is less than ideal. Perhaps the
signature of the delegate should contain uint[] or long[] instead. This
test shows the problem. I created my own CertificateError enum that
extends uint and uses the HEX values provided.

Code:
--------------------

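[Test]
public void TestCertErr()
{
    // CertificateError is the uint-backed enum described above, built from the hex values in this thread.
    var errors = (CertificateError[]) Enum.GetValues(typeof(CertificateError));

    foreach (var error in errors)
    {
        uint certificateError = (uint) error;

        // Every 0x800B01xx value has its top bit set, so it is larger than int.MaxValue.
        bool isTooBig = certificateError > int.MaxValue;
        if (isTooBig)
        {
            Log.WarnFormat(null, "Overflow: 0x{0:X2} {1,-25} => \t{2}",
                certificateError, Enum.GetName(typeof (CertificateError), certificateError),
                (int) certificateError);
        }

        // cast may overflow (wraps to a negative int in the default unchecked context)
        int intErr = (int)certificateError;
        Assert.IsTrue(!isTooBig || intErr < 0);

        // casting back recovers the original unsigned value
        uint roundTrip = (uint)intErr;
        Assert.AreEqual(certificateError, roundTrip);
    }
}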
--------------------


Which produces the following output:

Code:
--------------------

Overflow: 0x800B0102 ValidityPeriodNesting => -2146762494
Overflow: 0x800B0103 Role => -2146762493
Overflow: 0x800B0104 PathLenConst => -2146762492
Overflow: 0x800B0105 Critical => -2146762491
Overflow: 0x800B0106 Purpose => -2146762490
Overflow: 0x800B0107 IssuerChaining => -2146762489
Overflow: 0x800B0108 Malformed => -2146762488
Overflow: 0x800B0109 UntrustedRoot => -2146762487
Overflow: 0x800B010A Chaining => -2146762486
Overflow: 0x800B010C Revoked => -2146762484
Overflow: 0x800B010D UntrustedTestRoot => -2146762483
Overflow: 0x800B010E RevocationFailure => -2146762482
Overflow: 0x800B010F CnNoMatch => -2146762481
Overflow: 0x800B0110 WrongUsage => -2146762480
Overflow: 0x800B0112 UntrustedCA => -2146762478
Overflow: 0x800B0113 UnrecognizedError => -2146762477
--------------------


--
danielnapierski
------------------------------------------------------------------------
danielnapierski's Profile: http://forums.novell.com/member.php?userid=63370
View this thread: http://forums.novell.com/showthread.php?t=389114
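
An added example (not code from the thread or from the Novell library): it converts the signed values a validation handler receives back into the hex codes listed in this thread, and rejects the certificate whenever any error is reported. The `CertErrorDecoder` class, its method names and the enum member names are assumptions made for illustration; only the numeric values come from the thread.

```csharp
using System;

// Values are the hex codes listed in this thread; member names are illustrative.
public enum CertificateError : uint
{
    Expired = 0x800B0101, ValidityPeriodNesting = 0x800B0102, Role = 0x800B0103, PathLenConst = 0x800B0104,
    Critical = 0x800B0105, Purpose = 0x800B0106, IssuerChaining = 0x800B0107, Malformed = 0x800B0108,
    UntrustedRoot = 0x800B0109, Chaining = 0x800B010A, Revoked = 0x800B010C, UntrustedTestRoot = 0x800B010D,
    RevocationFailure = 0x800B010E, CnNoMatch = 0x800B010F, WrongUsage = 0x800B0110, UntrustedCA = 0x800B0112
}

public static class CertErrorDecoder
{
    // Reinterpret the signed 32-bit code as its unsigned bit pattern.
    // The explicit unchecked keeps this working even when compiled with /checked.
    public static string Describe(int code)
    {
        uint raw = unchecked((uint)code);
        return Enum.IsDefined(typeof(CertificateError), raw)
            ? string.Format("0x{0:X8} {1}", raw, (CertificateError)raw)
            : string.Format("0x{0:X8} (not in this thread's list)", raw);
    }

    // Hypothetical handler body: accept only when no error is reported.
    // Assumption: an empty array means validation succeeded; null is treated as unknown and rejected.
    public static bool Validate(int[] certificateErrors)
    {
        if (certificateErrors == null) return false;
        if (certificateErrors.Length == 0) return true;
        foreach (int code in certificateErrors)
            Console.Error.WriteLine("Certificate rejected: " + Describe(code));
        return false;
    }

    public static void Main()
    {
        // The two values reported in the original question.
        Console.WriteLine(Validate(new[] { -2146762481, -2146762486 }));
    }
}
```

Logging the decoded name before returning false keeps the handler fail-closed while still telling an operator whether the problem is a name mismatch, a chain problem or an untrusted root.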
