Invalid certificate chain error using Neowave Winkeo key #582
Comments
|
If you can please provide a sample registration output, I would like try to get all the trust path issues put to bed prior to the next release. |
|
Hello, Here is a sample registration output from WebAuthn.
Thanks for your help. When do you plan to perform the next library release ? |
|
The CDP is at http://www.certeurope.fr/reference/certeurope_ec_idecys.crl, it's empty and there are no obvious issues with it. Does your server lack outbound internet access or name resolution to get to the CRL file? That would certainly cause this sort of problem. I could not reproduce the problem you describe from my end. |
Hello,
I'm currently performing some tests with different Fido2 keys and have an issue with one of the them: Neowave Winkeo model.
(https://neowave.fr/fr/produits/gamme-fido-2/winkeo-c-fido-2/)
When I try to register the key, I receive this error from the library:
After investigation, it appears that disabling the online revocation check make the registration works. (CRLDP extension is present in the attestation certificate)
To make it work, I basically commented this line like this:
// if the attestation cert has a CDP extension, go ahead and turn on online revocation checking if (!string.IsNullOrEmpty(CDPFromCertificateExts(trustPath[0].Extensions)) && validationMode != FidoValidationMode.FidoConformance2024) //chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;I've seen some similar issues regarding the trust path chain validation, but it looks like this issue is different.
If you have any idea or solution about that, I would love it.
Thank you
The text was updated successfully, but these errors were encountered: