[Mono-bugs] [Bug 78226][Wis] New - Unable to bind to LDAP server via SSL using Novell.Directory.Ldap

bugzilla-daemon at bugzilla.ximian.com
Thu Apr 27 18:11:00 EDT 2006


Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by directhex at apebox.org.

http://bugzilla.ximian.com/show_bug.cgi?id=78226

--- shadow/78226	2006-04-27 18:11:00.000000000 -0400
+++ shadow/78226.tmp.31493	2006-04-27 18:11:00.000000000 -0400
@@ -0,0 +1,110 @@
+Bug#: 78226
+Product: Mono: Class Libraries
+Version: 1.1
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Wishlist
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com                            
+ReportedBy: directhex at apebox.org               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: Unable to bind to LDAP server via SSL using Novell.Directory.Ldap
+
+Please fill in this template when reporting a bug, unless you know what you
+are doing.
+Description of Problem:
+I have two LDAP servers, "dopiaza" and "makhani". Both are configured to
+operate via SSL, on port 636, and their SSL certificates are signed by a
+self-signed root CA. All certificates were generated with OpenLDAP.
+Standard LDAP utilities (ldapsearch, libnss-ldap, libpam-ldap) function
+correctly, and trust the server certificates by manually forcing the CA
+certificate into their configuration files (e.g. "TLS_CACERT
+/path/to/cert.pem" in /etc/ldap/ldap.conf for ldapsearch).
+
+I'm trying to connect to either of these LDAP servers using
+Novell.Directory.Ldap. I have no problems connecting with LDAP (port 389),
+however LDAPS (636) throws an exception along the following lines:
+
+Detected errors in the Server Certificate:
+-2146762490
+LDAP CONNECTION FAILED!
+System.IO.IOException: The authentication or decryption has failed. --->
+Mono.Security.Protocol.Tls.TlsException: Invalid certificate received form
+server.
+in <0x0042c>
+Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate:validateCertificates
+(Mono.Security.X509.X509CertificateCollection certificates)
+in <0x000cf>
+Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate:ProcessAsTls1
+()
+in <0x00045> Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
+in (wrapper remoting-invoke-with-check)
+Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
+in <0x00079>
+Mono.Security.Protocol.Tls.ClientRecordProtocol:ProcessHandshakeMessage
+(Mono.Security.Protocol.Tls.TlsStream handMsg)
+in <0x00249>
+Mono.Security.Protocol.Tls.RecordProtocol:InternalReceiveRecordCallback
+(IAsyncResult asyncResult)--- End of inner exception stack trace ---
+
+in <0x000d4>
+Mono.Security.Protocol.Tls.SslStreamBase:AsyncHandshakeCallback
+(IAsyncResult asyncResult)
+
+
+
+-2146762490 is CERT_E_PURPOSE.
+
+The CA certificate has been added to Mono's "Trust" store.
+
+The servers' SSL certificates are deemed valid for the purpose "sslserver"
+by "openssl verify -purpose sslserver osc-ca.pem"
+
+"openssl s_client -connect dopiaza:636 -CAfile osc-ca.pem" connects without
+issue to the LDAP server ("Verify return code: 0 (ok)")
+
+Mono version is 1.1.13.6, from the Ubuntu package 1.1.13.6-0ubuntu1.
+
+Steps to reproduce the problem:
+1. Attempt any SSL connection to a machine offering the attached server
+certificate with attached CA certificate in the Trust store
+
+Actual Results:
+Detected errors in the Server Certificate:
+-2146762490
+LDAP CONNECTION FAILED!
+System.IO.IOException: The authentication or decryption has failed. --->
+Mono.Security.Protocol.Tls.TlsException: Invalid certificate received form
+server.
+in <0x0042c>
+Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate:validateCertificates
+(Mono.Security.X509.X509CertificateCollection certificates)
+in <0x000cf>
+Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate:ProcessAsTls1
+()
+in <0x00045> Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
+in (wrapper remoting-invoke-with-check)
+Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
+in <0x00079>
+Mono.Security.Protocol.Tls.ClientRecordProtocol:ProcessHandshakeMessage
+(Mono.Security.Protocol.Tls.TlsStream handMsg)
+in <0x00249>
+Mono.Security.Protocol.Tls.RecordProtocol:InternalReceiveRecordCallback
+(IAsyncResult asyncResult)--- End of inner exception stack trace ---
+in <0x000d4>
+Mono.Security.Protocol.Tls.SslStreamBase:AsyncHandshakeCallback
+(IAsyncResult asyncResult)
+
+Expected Results:
+No output (successful LDAPS connection)
+
+How often does this happen? 
+Always
+
+Additional Information:
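
Review bot: The purpose check quoted in the description, "openssl verify -purpose sslserver osc-ca.pem", names only osc-ca.pem, which is the same file passed as -CAfile to s_client two lines later, so as written it exercises the CA certificate and not the servers' certificates. Since the reported error is CERT_E_PURPOSE, the report would be easier to triage if it showed that check run against the server certificate itself, with osc-ca.pem supplied via -CAfile, together with the text dump of the server certificate's key usage and extended key usage extensions. The steps to reproduce also refer to an attached server certificate and CA certificate, but "Additional Information:" is empty and no attachment appears in this record, so it should say where those files can be found.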

