Re: [twsocket] remote SSL certificate verification

Thu, 01 Sep 2011 12:29:55 -0700 

OK, everything is fine now.
But may I ask something strange (at least for me) I noticed ?
When I use following code to retrieve remote cert :

form1.SslHttpCli1.URL := 'https://<website>';
form1.SslHttpCli1.Get;
form1.SslHttpCli1.SslContext.InitContext;
I have noticed that the event "OnSSLVerifyPeer", after every call I make to code above, on some sites event is fired 1 time, on other sites 2 times, on other sites 4 times etc. For example, when I call at https://www.facebook.com, event is fired 4 times, all 4 instances have the same structure (of a certificate - TX509) but are not all of them always the same.
For example for https://www.facebook.com, I have following Serial Numbers return on each reply (notice: I make 1 call) : 

1)
Serial Number: 1116160165 (0x428740a5)
Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority 

2)
Serial Number: 1116160165 (0x428740a5)
Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority 

3)
Serial Number: 08:51:f9:59:81:41:45:ca:bd:e0:24:e2:12:c9:c2:0e
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 

4)
Serial Number: 0c:6f:c8:59:57:fa:1f:5f:c9:67:2c:9f:e6:5c:db:e6
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3 

Can you please explain that ?


On 1/9/2011 9:52 μμ, Dimitris Botsis wrote:

On 1/9/2011 9:48 μμ, Arno Garrels wrote:

Dimitris Botsis wrote:

Hi again,
I can read the certificate's Serial Number right, by parsing
"cert.GetRawText" at OnSSLVerifyPeer, but is it possible to read the
fingerprint too ?


The fingerprint isn't a value stored in the certificate but a
calculated one.
Methods Sha1Digest and Sha1Hex provide the Sha1 fingerprint, if you
need the MD5 hash or other properties derive your own class from
TX509Base.


Thank you
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be




--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to