Hi,

I have encountered what might be an issue when connecting to an IRC server using a signed certificate (where mIRC trusts the signing authority).

When connecting while trusting the authority, mIRC returns the following details for the certificate:

Code:
Issued to:
Organization: Root CA
Unit: http://www.cacert.org
Host: CA Cert Signing Authority
Email: support@cacert.org

Issued by:
Organization: Root CA
Unit: http://www.cacert.org
Host: CA Cert Signing Authority
Email: support@cacert.org

Valid from 30/03/2003 to 29/03/2033


When not trusting the authority, mIRC returns this:

Code:
Issued to:
Host: lotus.ca.us.swiftirc.net

Issued by:
Organization: Root CA
Unit: http://www.cacert.org
Host: CA Cert Signing Authority
Email: support@cacert.org

Valid from 04/08/2010 to 31/01/2011


mIRC thus alternates between complaining about the server name not matching, and being unable to get the local issuer certificate. This problem appears to occur with servers with signed by the same CA that were properly validated with an earlier version of mIRC.

Interrogating the server certificate using the same box/OpenSSL version as mIRC returns this:

Code:
c:\OpenSSL\bin>openssl verify -CAfile c:\users\karl\Documents\keys\CACertRoot.cer c:\Users\karl\Documents\lotus.pem
c:\Users\karl\Documents\lotus.pem: OK


Code:
c:\OpenSSL\bin>openssl x509 -in c:\users\karl\Documents\lotus.pem -issuer -subject 
issuer= /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
subject= /CN=lotus.ca.us.swiftirc.net