[Mono-bugs] [Bug 76279][Maj] New - CERT_E_CHAINING problem for server certificate
bugzilla-daemon at bugzilla.ximian.com
Thu Sep 29 14:31:31 EDT 2005
Please do not reply to this email; if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by yngve.zackrisson at mobila-kontoret.se.
http://bugzilla.ximian.com/show_bug.cgi?id=76279
--- shadow/76279 2005-09-29 14:31:31.000000000 -0400
+++ shadow/76279.tmp.17606 2005-09-29 14:31:31.000000000 -0400
@@ -0,0 +1,105 @@
+Bug#: 76279
+Product: Mono: Class Libraries
+Version: 1.1
+OS:
+OS Details: Fedora Core 3
+Status: NEW
+Resolution:
+Severity: 032 Four days
+Priority: Major
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com
+ReportedBy: yngve.zackrisson at mobila-kontoret.se
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: CERT_E_CHAINING problem for server certificate
+
+Please fill in this template when reporting a bug, unless you know what you
+are doing.
+Description of Problem:
+
+Server: Linux (Fedora Core 3) and Mono (1.1.9).
+with program: mssslserver2.exe
+
+Client: Win32 (MS Windows 2000) and MS .NET (v1.1)
+with program: Win32SslHttpClient.exe
+
+(The programs are attaced as zip and tar files.
+ The same yelds for the certificates and
+ the certificats creation procedure and config files).
+
+The server certificates is generated with openssl and
+togethere with the CA and private key (password: 'testing')
+transfered to a PKCS#12 file (.p12) - with password 'service'.
+
+The CA cert is added to the Mono's machine CA store
+and the server cert is added to the Mono's machine Trust store.
+
+This file is in mssslserer2.exe loaded with:
+Mono.Security.X509.PKCS12.LoadFromFile(filename, password)
+and the Mono server Certificate is extracted and
+later converted to a X509Certificate.
+
+After the listenSocket.Accept () - of a HTTPS call -
+an SslServerStream is instantiated with
+the server certificated (X509Certificate)
+as an parameter.
+
+As the mssslserver2.exe is a test program the
+SslServerStream's ClientCertValidationDelegate
+is activated and in the called metod
+the certificate errors is listed:
+
+V5
+ error #-2146762486
+V9
+
+Meaning there was a CERT_E_CHAINING problem with a certificate.
+
+Steps to reproduce the problem:
+
+1. Load/Create the CA, server and client certificates
+ for the actual client and server hostnames. (boch .pem and .cer).
+ The CA shall have the CN=me292 to conform to a
+ hard coded value in mssslserver2.cs.
+ (Se the document: 'Certificate Creation-16.txt' if details are needed).
+
+2. Create PKCS#12 files for the server and client certificate. (.p12).
+
+3. Add the CA .cer certificate to the Mono's machine CA store.
+ Add the server .cer certificate to the Mono's machine Trust store.
+
+4. Double click on the client (.p12) cert on the Win32 client
+ to add the client cert to the Windows store.
+
+5. Change the Uri in the client's Main.cs Main method and compile.
+ (Obs. the Org.Mentalis.Security.dll must be referenced).
+
+6. Start the server program with:
+
+ $ mono --debug --trace=none mssslserver2.exe server16-cert.p12 service
+
+7. Run the client program.
+
+8. Watch the result comming up on the server's screen.
+
+
+Actual Results:
+
+The error code below on the servers console:
+
+ error #-2146762486
+
+Expected Results:
+
+ No error messages at all.
+
+How often does this happen?
+
+ All the time.
+
+Additional Information:
+
+ The test environment is basically the same as in bugg #76258.
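Review bot: The Summary attributes the CERT_E_CHAINING error to the server certificate, but the description says the errors were listed in the method called through SslServerStream's ClientCertValidationDelegate, so the report does not make clear which certificate's chain failed to build. State explicitly whether error #-2146762486 was raised for the client certificate presented by Win32SslHttpClient.exe or for the server certificate loaded from server16-cert.p12, and confirm that the client certificate was issued by the same CA that step 3 adds to Mono's machine CA store. The "V5" and "V9" lines around the error are quoted without explanation, and the OS field is left empty while OS Details is filled in; both should be completed so the output can be interpreted.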