[Mono-bugs] [Bug 76258][Blo] New - SSL client certificate doesn't work with IE.

Wed Sep 28 12:59:47 EDT 2005

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by yngve.zackrisson at mobila-kontoret.se.

http://bugzilla.ximian.com/show_bug.cgi?id=76258

--- shadow/76258	2005-09-28 12:59:47.000000000 -0400
+++ shadow/76258.tmp.27315	2005-09-28 12:59:47.000000000 -0400
@@ -0,0 +1,78 @@
+Bug#: 76258
+Product: Mono: Class Libraries
+Version: unspecified
+OS: 
+OS Details: Linux Fedora Core 3
+Status: NEW   
+Resolution: 
+Severity: 032 Four days
+Priority: Blocker
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com                            
+ReportedBy: yngve.zackrisson at mobila-kontoret.se               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: SSL client certificate doesn't work with IE.
+
+Please fill in this template when reporting a bug, unless you know what you
+are doing.
+Description of Problem:
+
+Client: Win32 (MS Windows 2000) and MS .NET (v1.1)
+with program: Win32SslHttpClient.exe
+
+Server: Linux (Fedora Core 3) and Mono (1.1.9).
+with program: mssslserver2.exe
+
+(The programs are attaced as zip and tar files.)
+
+Client call with HttpWebRequest using HTTPS 
+causes exception in the listening Mono server.
+
+Steps to reproduce the problem:
+
+1. Certifcate setup:
+   Create a self signed root CA (with openssl) (.pem and .cer).
+   Set the CN for the root CA to 'me292'.
+
+   Create and sign the client and server (.p12) certificates.
+   The CN should be the same as the client and server hostnames.
+   Set the export passwords to 'service'.
+
+   On the Win32 side - double click the certificate and 
+   press the default values to get it to the Windos certificate store.
+
+   On the Mono side, add the root certificate to the Mono's machine's 
+   Trust store with: 
+
+   $ mono /.../certmgr.exe -add -c -m Trust cacert.cer
+
+2. Start up the server side with: 
+
+   $ mono --debug --verbose mssslserver2.exe server16-cert.p12 service
+
+3. On the client run the Win32SslHttpClient.exe program.
+   The Org.Mentalis.Security.dll shall be referenced.
+
+Actual Results:
+
+TlsException is thrown on the Mono server in Mono.Security.
+Se the attached log files for more information.
+
+Expected Results:
+
+A working HTTPS (SSL) communication.
+
+How often does this happen? 
+
+Always (the 2-4 tests I have done).
+
+Additional Information:
+
+According to Sebastian this has something with the MS generated 
+signature (for the client cert).
+Using openssl and wget as client this is said to work. 
+
+Se additional attachments for the runtime results.
