
Failed server validation by individual certificate in SE 4.31

Posted: Mon Dec 02, 2019 6:35 am
by ethanolson
In the client, when attempting to validate the server with an individual certificate, the safeguard is of none effect with SE 4.31. I tested an old certificate to validate when the server was issuing the new certificate (same CN, different key length) and it simply allowed the connection. This needs to be corrected.

Re: Failed server validation by individual certificate in SE 4.31

Posted: Wed Dec 04, 2019 7:37 am
by cedar
Was the connection mode in TCP?
Aren't you using a VPN Azure service?

Re: Failed server validation by individual certificate in SE 4.31

Posted: Fri Dec 06, 2019 3:02 am
by ethanolson
No Azure. It worked in the past, but the newest SE client was tested and it doesn't validate when a CA cert is in the store. It's operating on blind trust with no regard to the checkbox to validate the server certificate explicitly, even though a server cert is specified. Without the CA cert, it validates the specified certificate. I can work with that but do wish for a feature to choose explicit validation even with a trusted CA cert. Also, I wish it could support a 7680-bit certificate. Today it caps at 4096-bit. Oh well. I really like so much about SoftEther that I will definitely continue using it.

Re: Failed server validation by individual certificate in SE 4.31

Posted: Fri Dec 06, 2019 4:20 am
by cedar
In my environment, dialog windows are shown when the server presents a certificate that is not the unique certificate specified in the connection settings.