[Mono-bugs] [Bug 62716][Blo] New - SslServerStream doesn't work properly

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Mon, 9 Aug 2004 09:15:35 -0400 (EDT)


Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by meddochat@zonnet.nl.

http://bugzilla.ximian.com/show_bug.cgi?id=62716

--- shadow/62716	2004-08-09 09:15:35.000000000 -0400
+++ shadow/62716.tmp.30669	2004-08-09 09:15:35.000000000 -0400
@@ -0,0 +1,129 @@
+Bug#: 62716
+Product: Mono: Class Libraries
+Version: unspecified
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Blocker
+Component: Mono.Security
+AssignedTo: mono-bugs@ximian.com                            
+ReportedBy: meddochat@zonnet.nl               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: SslServerStream doesn't work properly
+
+Description of Problem:
+
+I'm trying to implement a Ssl/tls server and using 
+mono.security.Protocol.Tls for the Ssl implementation, but the handshake 
+doesn't work properly
+
+Steps to reproduce the problem:
+1. download Indy.NET from cvs.sourceforge.net:/cvsroot/indy-net module
+   Indy.NET username anonymous, password blank
+2. build it using nant
+3. use the following source to build the server:
+
+--- begin of source ---
+using System;
+
+using TerWoord.Communications.Core;
+using TerWoord.Communications.Protocols.Echo;
+
+public class test
+{
+	static void Main()
+	{
+		// the server becomes active on port 8
+		EchoServer es = new EchoServer();
+		ServerIOHandlerTls siht = new ServerIOHandlerTls();
+		// make sure you fill in a proper certificate
+		siht.Options.LoadCertificateFromFile(@"g:\test.cer");
+		es.IOHandler = siht;
+		es.Active = true;
+		Console.WriteLine("Running");
+		Console.ReadLine();
+		es.Active = false;
+	}
+}
+--- end of source ---
+
+4. build this using [csc|mcs] /r:TerWoord.Communications.dll <file>.cs
+5. run this program.
+6. using openssl, connect to it using:
+      openssl s_client -tls1 -msg -connect <your.ip>:8
+Actual Results:
+here is the ouput of step 6:
+
+CONNECTED(00000003)
+>>> TLS 1.0 Handshake [length 005f], ClientHello
+    01 00 00 5b 03 01 41 17 70 31 ca 48 76 67 8f 27
+    e3 b5 ad 3c d4 c0 62 60 f0 e0 e3 c3 2d ea 51 c6
+    34 a9 34 1f 65 8a 00 00 34 00 39 00 38 00 35 00
+    16 00 13 00 0a 00 33 00 32 00 2f 00 66 00 05 00
+    04 00 63 00 62 00 61 00 15 00 12 00 09 00 65 00
+    64 00 60 00 14 00 11 00 08 00 06 00 03 01 00
+<<< TLS 1.0 Handshake [length 002a], ServerHello
+    02 00 00 26 03 01 65 6c 61 e0 91 56 86 c2 eb 93
+    1c 58 65 41 d2 20 74 0f 45 f0 7f b1 33 6c b1 07
+    72 8c 83 86 3b 68 00 00 35 00
+<<< TLS 1.0 Handshake [length 0191], Certificate
+    0b 00 01 8d 00 01 8a 00 01 87 30 82 01 83 30 82
+    01 2d a0 03 02 01 02 02 10 15 67 60 c8 ed 6c 8f
+    a5 47 f1 8f cc 01 16 9f ed 30 0d 06 09 2a 86 48
+    86 f7 0d 01 01 04 05 00 30 16 31 14 30 12 06 03
+    55 04 03 13 0b 52 6f 6f 74 20 41 67 65 6e 63 79
+    30 1e 17 0d 30 34 30 38 30 39 31 30 33 37 33 31
+    5a 17 0d 33 39 31 32 33 31 32 33 35 39 35 39 5a
+    30 22 31 20 30 1e 06 03 55 04 03 13 17 4a 6f 65
+    27 73 2d 53 6f 66 74 77 61 72 65 2d 45 6d 70 6f
+    72 69 75 6d 30 5c 30 0d 06 09 2a 86 48 86 f7 0d
+    01 01 01 05 00 03 4b 00 30 48 02 41 00 ca 76 46
+    1b 81 15 7d 95 bf 52 06 8f a1 ef 99 81 5b ab 5d
+    a2 d0 8c b1 f1 16 fa 43 b9 ec 30 82 ff 54 90 ba
+    bd ba c3 48 74 51 20 d4 ae de 05 fc c1 19 ed a8
+    da 60 7a e2 07 eb 67 4c c1 ed 74 70 4f 02 03 01
+    00 01 a3 4b 30 49 30 47 06 03 55 1d 01 04 40 30
+    3e 80 10 12 e4 09 2d 06 1d 1d 4f 00 8d 61 21 dc
+    16 64 63 a1 18 30 16 31 14 30 12 06 03 55 04 03
+    13 0b 52 6f 6f 74 20 41 67 65 6e 63 79 82 10 06
+    37 6c 00 aa 00 64 8a 11 cf b8 d4 aa 5c 35 f4 30
+    0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 41
+    00 66 c4 c5 db f2 93 39 dd 1b c4 5f 34 a3 ad 17
+    6f 55 32 34 a2 f1 4b 28 35 8e 61 21 d3 83 6c 83
+    d9 d8 17 55 a5 a6 eb c9 b1 7b 56 05 bc 94 4a 02
+    f8 f7 7e 73 85 f4 81 47 43 54 aa a2 e1 18 60 73
+    a6
+depth=0 /CN=Joe's-Software-Emporium
+verify error:num=20:unable to get local issuer certificate
+verify return:1
+depth=0 /CN=Joe's-Software-Emporium
+verify error:num=27:certificate not trusted
+verify return:1
+depth=0 /CN=Joe's-Software-Emporium
+verify error:num=21:unable to verify the first certificate
+verify return:1
+<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
+    0e 00 00 00
+>>> TLS 1.0 Handshake [length 0046], ClientKeyExchange
+    10 00 00 42 00 40 b4 6e d3 93 21 ad ba 68 a7 09
+    85 76 2f b3 0f d8 5f f4 f3 20 fb 16 19 1a 52 7d
+    72 04 b8 de 42 8f 81 7a 58 85 5c ec 68 72 44 b7
+    56 ff e3 e7 81 ec 83 7c 70 82 29 65 ee 24 68 1d
+    f7 5b 31 75 b3 5d
+>>> TLS 1.0 ChangeCipherSpec [length 0001]
+    01
+>>> TLS 1.0 Handshake [length 0010], Finished
+    14 00 00 0c 4b db bc c5 ec 9b 72 71 b9 b7 3c 16
+write:errno=104
+
+Expected Results:
+  i don't know, i never had it working.
+
+
+How often does this happen? 
+  always, seems a hardcoded bug to me
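
Review bot: The reproduction source in step 3 never shows a private key being supplied. The only credential call is `siht.Options.LoadCertificateFromFile(@"g:\test.cer");`, and the report should state whether and how the matching private key reaches the server. This matters for the trace in step 6: the ServerHello selects cipher suite 00 35 (TLS_RSA_WITH_AES_256_CBC_SHA), an RSA key-exchange suite in which the server has to decrypt the ClientKeyExchange with its private key, and the connection ends with `write:errno=104` right after the client sends ClientKeyExchange, ChangeCipherSpec and Finished, which is the first point where the server needs that key. Without the key-loading detail and the server-side exception or stack trace, a handshake bug in SslServerStream cannot be told apart from a missing key in the test setup. The `Version:` and `OS:` fields are also left as "unspecified" and blank; filling them in with the Mono version and platform would make the Blocker priority easier to triage.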