Windows Server 2003 Security Patch introduces ASN.1 / x.509 certificate parsing problems

  • Question

  • Looks like a recent security patch to Windows Server 2003 Server broke an application of mine used by a large organization.

    C# code that used to parse X.509 certificates correctly and extract the data to a byte array now fails to recognize the certificate as a certificate.

    Has anyone else seen this problem?  Does anyone know what the root cause is and what the solution is other than rolling back the security patch?

    • Edited by Khaja.Ahmed Wednesday, May 9, 2012 7:57 PM
    • Changed type Khaja.Ahmed Wednesday, May 9, 2012 7:57 PM
    • Moved by Alexander Sun Thursday, May 10, 2012 9:44 AM Move to more appropriate forum (From:Visual C# General)
    Wednesday, May 9, 2012 7:56 PM

All replies

  • Hi Khaja,

    Welcome to the MSDN forum.

    Your problem is related to CLR, so I will move your thread to CLR forum for better support.

    Sorry for any inconvenience.

    Best Regards,

    Alexander Sun [MSFT]
    MSDN Community Support | Feedback to us

    Thursday, May 10, 2012 9:42 AM
  • Hi Alex,

    Can you tell me how you concluded that the problem is in the CLR?  The problem began when Windows Server 2003 was updated with critical security patches. Do you know if the patch that caused the problem was for the CLR or are you guessing this based on the fact that the code where the bug surfaced is C#?  I am asking this because (IIRC) x.509 / certificate processing logic ultimately does use some native functionality as well.  Is the ASN.1 parser for native and CLR different? Is that where the problem lies?  What about the path discovery and validation logic which includes ASN.1, RSA, SHA, etc.?  Is that entirely in the CLR?  I am under the impression that this is not the case.

    Any info you can give me or pointers to other forums / sources which can help me figure out what is going on would be most appreciated.  Thanks.



    Thursday, May 10, 2012 10:56 PM