>> Depends on what you're trying to accomplish, what question you're trying
>> to answer. If the question is merely "are these two certs identical"
>> then comparing both from stem to stern is a very good way. If you're
>> trying to ask "do these two certs identify the same subject", then you
>> may need to do much more work.
>>
> Just byte-comparing seems right; I see no reason why system C would want
> to use different certificates for connecting to A and C.
>
> Thank you for your response. I think my problem is solved now.

If I were you, I'd double check my byte compare code in B. Try connecting to A with one cert and to B with another and make sure it fails. In our previous example, you clearly had a mangled version of certificate C sent to B, but you indicated that B accepted C's real cert as equal. That tells me you may not be doing your compare correctly.

bob
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
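
An added example, not part of the original message and not the poster's code: a whole-certificate byte comparison that normalizes PEM to DER first, plus the negative checks the reply recommends (altered copies must be rejected). The function names are hypothetical and the certificate bytes are constructed placeholders, not a real certificate.

```python
import hmac
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def to_der(cert: bytes) -> bytes:
    """Return DER bytes; PEM input is decoded so both encodings compare equal."""
    stripped = cert.strip()
    if stripped.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))
    return cert  # assumed to be DER already; left untouched

def certs_identical(presented: bytes, expected: bytes) -> bool:
    """True only if both certificates are byte-for-byte the same DER."""
    a, b = to_der(presented), to_der(expected)
    # compare_digest looks at the full length of both inputs, so a truncated
    # or extended certificate can never match on a shared prefix.
    return hmac.compare_digest(a, b)

def negative_cases(expected: bytes) -> dict:
    """Map each altered copy of `expected` to True if it was rejected."""
    der = to_der(expected)
    altered = {
        "one bit flipped": der[:-1] + bytes([der[-1] ^ 0x01]),
        "truncated": der[:-1],
        "trailing byte added": der + b"\x00",
        "empty": b"",
    }
    return {name: not certs_identical(bad, der) for name, bad in altered.items()}

# Constructed placeholder bytes shaped like a DER SEQUENCE (not a real cert).
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    print("DER vs DER:", certs_identical(SAMPLE_DER, SAMPLE_DER))
    print("PEM vs DER:", certs_identical(SAMPLE_PEM, SAMPLE_DER))
    for name, rejected in negative_cases(SAMPLE_DER).items():
        print(f"{name}: {'rejected' if rejected else 'ACCEPTED (bug)'}")
```
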