[Mono-bugs] [Bug 349191] New: [2.0] Certificate verification during SSL handshake fails if root CA is trusted

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Mon Dec 17 07:05:07 EST 2007


           Summary: [2.0] Certificate verification during SSL handshake
                    fails if root CA is trusted
           Product: Mono: Class Libraries
           Version: SVN
          Platform: All
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Mono.Security
        AssignedTo: spouliot at novell.com
        ReportedBy: gert.driesen at pandora.be
         QAContact: mono-bugs at ximian.com
          Found By: ---

On the 2.0 profile, HttpWebRequest fails to set up an SSL session if the root CA
is in the Trust store.

It works fine (on both 1.0 and 2.0 profile) if I do not trust the root CA. Is
this normal?

To reproduce:
1. Add certificate for GlobalSign Root CA to Trust keystore
2. Compile and run the following code snippet:

using System;
using System.IO;
using System.Net;
using System.Text;

class Program
{
        static int Main (string [] args)
        {
                // The URL argument is missing from the archived message; the string
                // below is a placeholder, not the address used in the original report.
                HttpWebRequest request = (HttpWebRequest) WebRequest.Create ("https://<url-missing-from-archive>/");
                request.Method = "GET";

                try {
                        HttpWebResponse response = (HttpWebResponse) request.GetResponse ();
                        using (StreamReader sr = new StreamReader (response.GetResponseStream (), Encoding.UTF8, true)) {
                                string result = sr.ReadToEnd ();
                                // Exit code 1: the handshake succeeded but the page is not the expected one.
                                if (result.IndexOf ("<title>Microsoft Corporation</title>") == -1) {
                                        Console.WriteLine (result);
                                        return 1;
                                }
                        }
                        response.Close ();
                } catch (WebException ex) {
                        // Exit code 2: the request failed (the SSL handshake failure ends up here).
                        if (ex.Response != null) {
                                StreamReader sr = new StreamReader (ex.Response.GetResponseStream ());
                                Console.WriteLine (sr.ReadToEnd ());
                        } else {
                                Console.WriteLine (ex.ToString ());
                        }
                        return 2;
                }

                return 0;
        }
}

Expected result:

Successful execution.

Actual result:

System.Net.WebException: Error getting response stream (Write): SendFailure
 System.IO.IOException: The authentication or decryption has failed. --->
ecurity.Protocol.Tls.TlsException: Invalid certificate received from server.
rtificates (Mono.Security.X509.X509CertificateCollection certificates)
ls1 () [0x00000]
  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000]
  at (wrapper remoting-invoke-with-check)
andshakeMessage:Process ()
  at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
no.Security.Protocol.Tls.TlsStream handMsg) [0x00000]
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
syncResult asyncResult) [0x00000] --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
lt asyncResult) [0x00000] --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult)
  at System.Net.HttpWebRequest.GetResponse () [0x00000]
  at Program.Main (System.String[] args) [0x00000]
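
A diagnostic for narrowing down which chain element the validator rejects, added here as an example (it is not part of the original report or of Mono's code). It assumes the runtime under test honours the .NET 2.0 `ServicePointManager.ServerCertificateValidationCallback` hook and passes it a populated chain; `ChainDiagnostics` and `LogAndKeepVerdict` are hypothetical names, and the URL is taken from the command line.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class ChainDiagnostics
{
    // Logs what the validator saw and returns the validator's own verdict unchanged,
    // so installing this callback never accepts a certificate that failed validation.
    static bool LogAndKeepVerdict (object sender, X509Certificate certificate,
                                   X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine ("Policy errors: {0}", errors);
        Console.WriteLine ("Leaf subject:  {0}",
            certificate == null ? "(none)" : certificate.Subject);
        if (chain != null) {
            // Per-element status shows whether the leaf, an intermediate or the root is flagged.
            foreach (X509ChainElement element in chain.ChainElements) {
                Console.WriteLine ("  element: {0}", element.Certificate.Subject);
                foreach (X509ChainStatus status in element.ChainElementStatus)
                    Console.WriteLine ("    {0}: {1}", status.Status, status.StatusInformation);
            }
            // Chain-wide status (e.g. UntrustedRoot, PartialChain).
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine ("  chain: {0}: {1}", status.Status, status.StatusInformation);
        }
        return errors == SslPolicyErrors.None;
    }

    static int Main (string [] args)
    {
        if (args.Length != 1) {
            Console.WriteLine ("usage: ChainDiagnostics <https-url>");
            return 64;
        }
        ServicePointManager.ServerCertificateValidationCallback =
            new RemoteCertificateValidationCallback (LogAndKeepVerdict);
        try {
            using (WebResponse response = WebRequest.Create (args [0]).GetResponse ())
                Console.WriteLine ("Handshake and request succeeded.");
            return 0;
        } catch (WebException ex) {
            Console.WriteLine (ex.ToString ());
            return 2;
        }
    }
}
```

Running it once with the root CA in the Trust store and once without gives two chain listings to compare.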
