John Allberg
2013-02-11 03:56:47 UTC
Hi!
I'm currently implementing a TLS client for some custom certificate validation but don't understand how certificate validation errors is supposed to propagate.
I've created a class, BcTlsClient, that inherits from DefaultTlsClient. In the GetAuthentication method I supply another class, BcTlsAuthentication, that implements the TlsAuthentication interface.
I get the server certificate in the NotifyServerCertificate method and I'm able to verify the certificate. For an untrusted CA it seems I should throw new TlsFatalAlert(AlertDescription.bad_certificate), but that is being caught in TlsProtocolHandler->SafeReadData and propagated as IOException with message "Internal TLS error, this could be an attack", which might not be the most informative message when the certificate isn't trusted. :)
How am I supposed to handle those problems, not trusted, expired and so on?
Best regards,
John
I'm currently implementing a TLS client for some custom certificate validation but don't understand how certificate validation errors is supposed to propagate.
I've created a class, BcTlsClient, that inherits from DefaultTlsClient. In the GetAuthentication method I supply another class, BcTlsAuthentication, that implements the TlsAuthentication interface.
I get the server certificate in the NotifyServerCertificate method and I'm able to verify the certificate. For an untrusted CA it seems I should throw new TlsFatalAlert(AlertDescription.bad_certificate), but that is being caught in TlsProtocolHandler->SafeReadData and propagated as IOException with message "Internal TLS error, this could be an attack", which might not be the most informative message when the certificate isn't trusted. :)
How am I supposed to handle those problems, not trusted, expired and so on?
Best regards,
John