What are certificate errors

what are certificate errors


Win8.1 has provided the ability to APPs to ignore some SSL certificate errors. Jeff Sanders has made an example to do this via HttpClient with C#. But it is the same in C++ with StreamSocket.

When we make SSL connection to the remote server with StreamSocket, the connection might fail with SSL certificate errors. If the ServerCertificateErrorSeverity is ignorable, it means that there are certificate errors that could be ignored. Thus we could add it into the vector StreamSocket::StreamSocketControl::IgnorableServerCertificateErrors. Later we could re-connect to the remote server again with the same StreamSocket.

The ignorable errors are actually a vector of ChainValidationResult enumeration.

What I am not clear

is that:

1. For any SSL certificate error, if it couldn't be ignored, then it will not be present in StreamSocket::StreamSocketControl::IgnorableServerCertificateErrors. Is it? (I think it should be yes).

2. Are all those enumerations in ChainValidationResult are ignorable?

3. The last enumerations is "otherErrors". I personally think that all those errors that couldn't be ignored have been excluded from the enumerations thus the "otherErrors" is not in those error list that couldn't be ignored. But would it be possible that the SSL connection would still fail after adding the "otherErrors" in the ignorable list?

4. Is there a list that contains all ignorable and un-ignorable SSL certificate errors?

Source: social.msdn.microsoft.com

Category: Insurance

Similar articles: