[Mono-bugs] [Bug 76279][Maj] New - CERT_E_CHAINING problem for server certificate

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Thu Sep 29 14:31:31 EDT 2005

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by yngve.zackrisson at mobila-kontoret.se.


--- shadow/76279	2005-09-29 14:31:31.000000000 -0400
+++ shadow/76279.tmp.17606	2005-09-29 14:31:31.000000000 -0400
@@ -0,0 +1,105 @@
+Bug#: 76279
+Product: Mono: Class Libraries
+Version: 1.1
+OS Details: Fedora Core 3
+Status: NEW   
+Severity: 032 Four days
+Priority: Major
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com                            
+ReportedBy: yngve.zackrisson at mobila-kontoret.se               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+Summary: CERT_E_CHAINING problem for server certificate
+Please fill in this template when reporting a bug, unless you know what you
+are doing. 
+Description of Problem: 
+Server: Linux (Fedora Core 3) and Mono (1.1.9).
+with program: mssslserver2.exe
+Client: Win32 (MS Windows 2000) and MS .NET (v1.1)
+with program: Win32SslHttpClient.exe
+(The programs are attaced as zip and tar files.
+ The same yelds for the certificates and 
+ the certificats creation procedure and config files).
+The server certificates is generated with openssl and 
+togethere with the CA and private key (password: 'testing') 
+transfered to a PKCS#12 file (.p12) - with password 'service'.
+The CA cert is added to the Mono's machine CA store 
+and the server cert is added to the Mono's machine Trust store.
+This file is in mssslserer2.exe loaded with: 
+Mono.Security.X509.PKCS12.LoadFromFile(filename, password) 
+and the Mono server Certificate is extracted and 
+later converted to a X509Certificate.
+After the listenSocket.Accept () - of a HTTPS call - 
+an SslServerStream is instantiated with 
+the server certificated (X509Certificate) 
+as an parameter.
+As the mssslserver2.exe is a test program the 
+SslServerStream's ClientCertValidationDelegate 
+is activated and in the called metod 
+the certificate errors is listed:
+        error #-2146762486
+Meaning there was a CERT_E_CHAINING problem with a certificate.
+Steps to reproduce the problem:
+1. Load/Create the CA, server and client certificates 
+   for the actual client and server hostnames. (boch .pem and .cer).
+   The CA shall have the CN=me292 to conform to a 
+   hard coded value in mssslserver2.cs.
+   (Se the document: 'Certificate Creation-16.txt' if details are needed).
+2. Create PKCS#12 files for the server and client certificate. (.p12).
+3. Add the CA .cer certificate to the Mono's machine CA store.
+   Add the server .cer certificate to the Mono's machine Trust store.
+4. Double click on the client (.p12) cert on the Win32 client 
+   to add the client cert to the Windows store.
+5. Change the Uri in the client's Main.cs Main method and compile.
+   (Obs. the Org.Mentalis.Security.dll must be referenced).
+6. Start the server program with: 
+   $ mono --debug --trace=none mssslserver2.exe server16-cert.p12 service
+7. Run the client program.
+8. Watch the result comming up on the server's screen.
+Actual Results:
+The error code below on the servers console:
+        error #-2146762486
+Expected Results:
+        No error messages at all.
+How often does this happen? 
+        All the time.
+Additional Information:
+        The test environment is basically the same as in bugg #76258.

More information about the mono-bugs mailing list