Providing a thumbprint with different casing on the client and server-side gives the following exception:
The server at https://localhost:8080/ presented an unexpected security certificate. We expected the server to present a certificate with the thumbprint 'a7b12a038945afdee39661bcf59cf1600c811122'. Instead, it presented a certificate with a thumbprint of 'A7B12A038945AFDEE39661BCF59CF1600C811122' and subject ''.
As you can see, the thumbprint is correct, but differs in casing. It expected lowercase, but got uppercase. Certificate thumbprints are a hex-string representation of SHA-based hashes and shouldn't be treated as equal whether they are upper- or lower case.
Reproduction
Provide a thumbprint with different casing on the client and server-side.
Workaround
Aligning the thumbprints with the same case fixes the problem.
The comparison here is between what it received over the stream (which in the error message is upper case) and what was set on the ServiceEndpoint (which in the error message is lower case). A fix could be to always upper case the thumbprint given to the ServiceEndpoint. If that isn't suitable let us know :)
> A fix could be to always upper case the thumbprint given to the ServiceEndpoint. If that isn't suitable let us know :)
I guess it's suitable and it would effectively make it case-insensitive, but why bother when you can avoid the allocation?
Thumbprints are hexadecimal representations of the SHA1 (or sometimes SHA256) digest bytes of a certificate. Hexadecimal bytes are case-insensitive (i.e. 2A and 2a both represent the decimal value 42) and there are lots of ways to obtain the thumbprint of a certificate. Here's a screenshot from certmgr in Windows, showing the thumbprint as lowercase:
Anyway, it's not a blocker as it's easy to work around, but it would be nice if it just worked out of the box, whether that is by doing case-insensitive comparisons or calling ToUpper on both ends. 😀
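Added example, not from this issue or the project's code: a hypothetical `ThumbprintComparer` helper in C# that does the allocation-free, case-insensitive comparison discussed above. It goes beyond the thread by also requiring a SHA-1 or SHA-256 length and by skipping separator characters that certificate tools add when a thumbprint is copied; the class and method names are assumptions.

```csharp
using System;

// Hypothetical helper for illustration; not part of the project's API.
public static class ThumbprintComparer
{
    // Hex digits are case-insensitive, so compare nibble values, not characters.
    // Malformed input returns false instead of throwing, so a bad configuration
    // value can never match a presented certificate.
    public static bool Matches(ReadOnlySpan<char> expected, ReadOnlySpan<char> presented)
    {
        int i = 0, j = 0, digits = 0;
        while (true)
        {
            // Skip separators on both sides before looking at the next digit.
            while (i < expected.Length && IsSeparator(expected[i])) i++;
            while (j < presented.Length && IsSeparator(presented[j])) j++;

            bool endA = i == expected.Length, endB = j == presented.Length;
            if (endA || endB)
            {
                // Both must end together, on a SHA-1 (40) or SHA-256 (64) digit count.
                return endA && endB && (digits == 40 || digits == 64);
            }

            int a = HexValue(expected[i++]), b = HexValue(presented[j++]);
            if (a < 0 || b < 0 || a != b) return false;
            digits++;
        }
    }

    // Space and ':' are common display separators; U+200E is an invisible mark
    // that is often pasted along with a thumbprint copied from the Windows
    // certificate dialog.
    private static bool IsSeparator(char c) => c == ' ' || c == ':' || c == '\u200E';

    private static int HexValue(char c) =>
        c >= '0' && c <= '9' ? c - '0' :
        c >= 'a' && c <= 'f' ? c - 'a' + 10 :
        c >= 'A' && c <= 'F' ? c - 'A' + 10 : -1;
}

public static class Program
{
    public static void Main()
    {
        // The two thumbprints from the error message in this issue.
        const string configured = "a7b12a038945afdee39661bcf59cf1600c811122";
        const string presented = "A7B12A038945AFDEE39661BCF59CF1600C811122";
        Console.WriteLine(ThumbprintComparer.Matches(configured, presented));
        // Constructed negative case: a truncated thumbprint must not match.
        Console.WriteLine(ThumbprintComparer.Matches(configured, presented.Substring(0, 38)));
    }
}
```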