[Mono-bugs] [Bug 349191] New: [2.0] Certificate verification during SSL handshake fails if root CA is trusted
bugzilla_noreply at novell.com
Mon Dec 17 07:05:07 EST 2007
https://bugzilla.novell.com/show_bug.cgi?id=349191
Summary: [2.0] Certificate verification during SSL handshake fails if root CA is trusted
Product: Mono: Class Libraries
Version: SVN
Platform: All
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Mono.Security
AssignedTo: spouliot at novell.com
ReportedBy: gert.driesen at pandora.be
QAContact: mono-bugs at ximian.com
Found By: ---
On the 2.0 profile, HttpWebRequest fails to set up an SSL session if the root CA
is in the Trust store.
Note:
It works fine (on both 1.0 and 2.0 profile) if I do not trust the root CA. Is
this normal?
To reproduce:
1. Add certificate for GlobalSign Root CA to Trust keystore
(http://secure.globalsign.net/cacert/ct_root.crt)
2. Compile and run the following code snippet:
using System;
using System.IO;
using System.Net;
using System.Text;

class Program
{
    static int Main (string [] args)
    {
        // The TLS handshake (and server certificate validation) happens in GetResponse ().
        HttpWebRequest request = (HttpWebRequest) WebRequest.Create ("https://www.microsoft.com");
        request.Method = "GET";
        try {
            HttpWebResponse response = (HttpWebResponse) request.GetResponse ();
            using (StreamReader sr = new StreamReader (response.GetResponseStream (), Encoding.UTF8, true)) {
                string result = sr.ReadToEnd ();
                // Exit code 1: the request succeeded but returned an unexpected page.
                if (result.IndexOf ("<title>Microsoft Corporation</title>") == -1) {
                    Console.WriteLine (result);
                    return 1;
                }
            }
            response.Close ();
        } catch (WebException ex) {
            // Exit code 2: transport or handshake failure (the case reported here).
            if (ex.Response != null) {
                StreamReader sr = new StreamReader (ex.Response.GetResponseStream ());
                Console.WriteLine (sr.ReadToEnd ());
            } else {
                Console.WriteLine (ex.ToString ());
            }
            return 2;
        }
        return 0;
    }
}
Expected result:
Successful execution.
Actual result:
System.Net.WebException: Error getting response stream (Write): SendFailure --->
System.IO.IOException: The authentication or decryption has failed. --->
Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server.
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000]
  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000]
  at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
  at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000]
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x00000]
  at System.Net.HttpWebRequest.GetResponse () [0x00000]
  at Program.Main (System.String[] args) [0x00000]
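Added example, not part of the original report or of Mono's code: a diagnostic variant of the reproduction that logs the policy errors and per-certificate chain status seen during the handshake while leaving the accept/reject decision unchanged. It assumes the runtime invokes ServicePointManager.ServerCertificateValidationCallback (a .NET 2.0 API) before rejecting the certificate; the class and method names are hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class TlsDiag
{
    // Logs why validation failed, then returns the same verdict the platform reached.
    static bool LogAndEnforce (object sender, X509Certificate cert,
        X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine ("Policy errors: {0}", errors);
        if (cert != null)
            Console.WriteLine ("Leaf: {0} (issuer: {1})", cert.Subject, cert.Issuer);
        if (chain != null) {
            // Walk the chain from leaf to root and print each element's status flags.
            foreach (X509ChainElement e in chain.ChainElements) {
                Console.WriteLine ("  {0}", e.Certificate.Subject);
                foreach (X509ChainStatus s in e.ChainElementStatus)
                    Console.WriteLine ("    {0}: {1}", s.Status, s.StatusInformation);
            }
        }
        // Never return true unconditionally: that disables certificate checking.
        return errors == SslPolicyErrors.None;
    }

    static int Main (string [] args)
    {
        // Default URL is the one from the report; pass another as the first argument.
        string url = args.Length > 0 ? args [0] : "https://www.microsoft.com";
        ServicePointManager.ServerCertificateValidationCallback = LogAndEnforce;
        try {
            HttpWebRequest request = (HttpWebRequest) WebRequest.Create (url);
            using (HttpWebResponse response = (HttpWebResponse) request.GetResponse ())
                Console.WriteLine ("Handshake OK, HTTP {0}", (int) response.StatusCode);
            return 0;
        } catch (WebException ex) {
            Console.WriteLine ("Request failed: {0}", ex.Status);
            Console.WriteLine (ex.ToString ());
            return 2;
        }
    }
}
```

Running it once with the root CA in the Trust store and once without shows whether the reported chain elements or status flags differ between the two cases.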