Failed server validation by individual certificate in SE 4.31

ethanolson
Posts: 50
Joined: Mon Dec 02, 2019 6:29 am

Failed server validation by individual certificate in SE 4.31

Post by ethanolson » Mon Dec 02, 2019 6:35 am

In the client, when attempting to validate the server with an individual certificate, the safeguard is of no effect with SE 4.31. I tested an old certificate to validate when the server was issuing the new certificate (same CN, different key length) and it simply allowed the connection. This needs to be corrected.

cedar
Site Admin
Posts: 2197
Joined: Sat Mar 09, 2013 5:37 am

Re: Failed server validation by individual certificate in SE 4.31

Post by cedar » Wed Dec 04, 2019 7:37 am

Was the connection mode in TCP?
Aren't you using a VPN Azure service?

ethanolson
Posts: 50
Joined: Mon Dec 02, 2019 6:29 am

Re: Failed server validation by individual certificate in SE 4.31

Post by ethanolson » Fri Dec 06, 2019 3:02 am

No Azure. It worked in the past, but the newest SE client was tested and it doesn't validate when a CA cert is in the store. It's operating on blind trust with no regard to the checkbox to validate the server certificate explicitly, even though a server cert is specified. Without the CA cert, it validates the specified certificate. I can work with that but do wish for a feature to choose explicit validation even with a trusted CA cert. Also, I wish it could support a 7680-bit certificate. Today it caps at 4096 bits. Oh well. I really like so much about SoftEther that I will definitely continue using it.

cedar
Site Admin
Posts: 2197
Joined: Sat Mar 09, 2013 5:37 am

Re: Failed server validation by individual certificate in SE 4.31

Post by cedar » Fri Dec 06, 2019 4:20 am

In my environment, dialog windows are shown when the server presents a certificate that is not the unique certificate specified in the connection settings.
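The test described in this thread can be reproduced offline. The following is an added example, not part of any post and not SoftEther code: it builds two self-signed certificates with the same CN and different key lengths, then applies an individual-certificate (pin) check that compares the whole certificate. The CN, file names, key sizes and function names are assumptions made for the example, and it requires the `openssl` command-line tool.

```shell
#!/usr/bin/env bash
# Constructed test material: two self-signed certificates with the same CN but
# different key lengths, mirroring the test described in the thread.
# CN, file names and key sizes are assumptions chosen for this example.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CN="vpn.example.test"

make_cert() {    # make_cert <name> <rsa-bits>
    openssl req -x509 -newkey "rsa:$2" -nodes -days 30 -subj "/CN=$CN" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

fingerprint() {  # SHA-256 over the whole DER-encoded certificate
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

subject() {      # subject name in a stable textual form
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

same_subject() { # true when both certificates carry the same subject (CN)
    [ "$(subject "$1")" = "$(subject "$2")" ]
}

# Individual-certificate check: accept only when the presented certificate is
# exactly the pinned one. The subject name and any CA trust play no part here.
pin_check() {    # pin_check <pinned.pem> <presented.pem>
    [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]
}

make_cert old 2048   # the certificate still pinned in the client
make_cert new 3072   # the certificate the server now presents

if same_subject "$WORK/old.pem" "$WORK/new.pem"; then
    echo "subject: identical, so a name-only comparison cannot tell them apart"
fi
if pin_check "$WORK/old.pem" "$WORK/new.pem"; then
    echo "pin check: ACCEPT (unexpected)"
else
    echo "pin check: REJECT, presented certificate is not the pinned one"
fi
```

To check a real deployment, export the certificate the server presents to a PEM file and pass it as the second argument to `pin_check`, with the pinned certificate as the first.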
