[Mono-bugs] [Bug 79986][Maj] New - TlsException at TlsClientCertificate.ProcessAsTls1 using SslServerStream

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Nov 20 07:09:20 EST 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by pawel.sakowski at mindbreeze.com.


--- shadow/79986	2006-11-20 07:09:20.000000000 -0500
+++ shadow/79986.tmp.5048	2006-11-20 07:09:20.000000000 -0500
@@ -0,0 +1,96 @@
+Bug#: 79986
+Product: Mono: Class Libraries
+Version: 1.2
+OS: GNU/Linux [Other]
+OS Details: 
+Status: NEW   
+Priority: Major
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com                            
+ReportedBy: pawel.sakowski at mindbreeze.com               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+Summary: TlsException at TlsClientCertificate.ProcessAsTls1 using SslServerStream
+Description of Problem:
+A basic scenario involving a Mono.Security-based TCP/SSL server fails.
+Steps to reproduce the problem:
+1. Invoke the following code:
+using System;
+using System.Net;
+using System.Net.Sockets;
+using System.Text;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using Mono.Security.Protocol.Tls;
+using MX=Mono.Security.X509;
+class X{
+static AsymmetricAlgorithm key;
+static void Main(){
+MX.PKCS12 p = MX.PKCS12.LoadFromFile("localhost.p12", "");
+X509Certificate x509 = new X509Certificate(p.Certificates[0].RawData);
+key = (RSA) p.Keys[0];
+Socket sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream,
+sock.Bind(new IPEndPoint(IPAddress.Any, 5555));
+SslServerStream stream = new SslServerStream(new
+NetworkStream(sock.Accept(), true), x509, true, false);
+stream.PrivateKeyCertSelectionDelegate += KeySelection;
+stream.ClientCertValidationDelegate += CertValidation;
+byte[] resp = Encoding.ASCII.GetBytes("HTTP/1.1 200 OK\r\nContent-Length:
+stream.Write(resp, 0, resp.Length);
+static AsymmetricAlgorithm KeySelection(X509Certificate certificate, string
+targetHost) {
+return key;
+static bool CertValidation(X509Certificate certificate, int[]
+certificateErrors) {
+return true;
+2. wget https://localhost:5555 --no-check-certificate -O /dev/null
+Actual Results:
+Unhandled Exception: System.IO.IOException: The authentication or
+decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The
+authentication or decryption has failed.
+  at
+() [0x00000]
+  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000]
+  at (wrapper remoting-invoke-with-check)
+Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
+  at
+(Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000]
+  at
+(IAsyncResult asyncResult) [0x00000] --- End of inner exception stack trace ---
+  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
+(IAsyncResult asyncResult) [0x00000]
+Unable to establish SSL connection.
+Expected Results:
+a successful communication
+How often does this happen? 
+Additional Information:
+Mono version 1.2
+wget version 1.10.1
+The certificate file follows.

More information about the mono-bugs mailing list