[Mono-bugs] [Bug 336058] New: SSL renegotiation problem with webservice client-side certificates

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Tue Oct 23 12:08:58 EDT 2007


           Summary: SSL renegotiation problem with webservice client-side certificates
           Product: Mono: Class Libraries
           Version: 1.2
          Platform: i386
        OS/Version: RHEL 4
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Sys.Web.Services
        AssignedTo: atsushi at ximian.com
        ReportedBy: samuel_carriere at hotmail.com
         QAContact: mono-bugs at ximian.com
          Found By: Other

There is an issue with webservice client certificates with Mono 1.2.5: it
seems not to support SSL renegotiation.

Apache configuration:
The Apache httpd server doesn't require client authentication, except for the
"/webservice" location.
The httpd.conf configuration file contents:

SSLVerifyClient none
<Location /webservice>
   SSLVerifyClient require
</Location>

This kind of configuration causes an SSL security renegotiation (see
when the client hits this kind of URL: https://server/webservice/server.php

Mono test case:
This is a simple web service call, with client certificate.

static void Main(string[] args)
{
   // Instantiate webservice client, with client certificate
   WSAddition.Addition client = new testWsSSL.WSAddition.Addition();
   X509Certificate2 Cert = new X509Certificate2("/my/clientCertificate.p12",
   // Call webservice method
   int result = client.add(5,6);
   Console.WriteLine("Result : " + result);
}

This test program crashes with the following stack trace:

Unhandled Exception: System.Net.WebException: Error getting response stream
(ReadDone1): ReceiveFailure ---> System.IO.IOException: EndWrite failure --->
System.Net.Sockets.SocketException: The socket has been shut down
  at System.Net.Sockets.Socket+SocketAsyncResult.CheckIfThrowDelayedException
() [0x00000]
  at System.Net.Sockets.Socket.EndSend (IAsyncResult asyncResult,
System.Net.Sockets.SocketError& errorCode) [0x00000]
  at System.Net.Sockets.Socket.EndSend (IAsyncResult result) [0x00000]
  at System.Net.Sockets.NetworkStream.EndWrite (IAsyncResult ar) [0x00000] ---
End of inner exception stack trace ---

  at System.Net.Sockets.NetworkStream.EndWrite (IAsyncResult ar) [0x00000]
  at Mono.Security.Protocol.Tls.RecordProtocol.EndSendRecord (IAsyncResult
asyncResult) [0x00000]
  at Mono.Security.Protocol.Tls.RecordProtocol.SendRecord (ContentType
contentType, System.Byte[] recordData) [0x00000]
  at Mono.Security.Protocol.Tls.RecordProtocol.SendAlert
(Mono.Security.Protocol.Tls.Alert alert) [0x00000]
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
(IAsyncResult asyncResult) [0x00000] --- End of inner exception stack trace ---

  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult)
  at System.Net.HttpWebRequest.GetResponse () [0x00000]
  at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse
(System.Net.WebRequest request) [0x00000]

It doesn't crash with this Apache configuration:

SSLVerifyClient require
<Location /webservice>
   SSLVerifyClient require
</Location>

Another thing worth mentioning: there seems to be no SSL renegotiation problem
with the HttpWebRequest class, because this test program works:

static void Main(string[] args)
{
   HttpWebRequest Request =
   X509Certificate2 Cert = new X509Certificate2("/my/clientCertificate.p12",

   Request.UserAgent = "Client Cert Sample";
   Request.Method = "GET";
   HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();
   // Print the response headers.
   // Get the certificate data.
   StreamReader sr = new StreamReader(Response.GetResponseStream(),
   int count;
   char [] ReadBuf = new char[1024];
   do
   {
      count = sr.Read(ReadBuf, 0, 1024);
      if (0 != count)
         // Print only the characters read in this pass
         Console.WriteLine(new string(ReadBuf, 0, count));

   }while(count > 0);
}
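
The server-side condition described in this report can be checked for in a configuration file. The following is an added example, not part of the original bug report and not Mono or Apache code: it flags every per-directory SSLVerifyClient level that is stricter than the level used at the initial handshake, which is the case where mod_ssl renegotiates. The function name, the sample configurations and the simplified strictness ordering are assumptions of this example.

```python
import re

# Strictness order of mod_ssl's SSLVerifyClient levels. Treating "optional"
# and "optional_no_ca" as equally strict is an assumption of this example.
LEVELS = {"none": 0, "optional": 1, "optional_no_ca": 1, "require": 2}
# Per-directory containers: settings here apply only after the request is read.
PER_DIR = {"location", "locationmatch", "directory", "directorymatch",
           "files", "filesmatch"}
OPEN = re.compile(r"<\s*(\w+)[^>]*>")
CLOSE = re.compile(r"</\s*(\w+)\s*>")
DIRECTIVE = re.compile(r"SSLVerifyClient\s+(\S+)", re.I)

# Constructed samples modelled on the two configurations in the report.
CRASHING = "SSLVerifyClient none\n<Location /webservice>\n   SSLVerifyClient require\n</Location>\n"
WORKING = CRASHING.replace("none", "require")


def find_renegotiation_triggers(conf_text):
    """Return (line_no, container, handshake_level, requested_level) for every
    per-directory SSLVerifyClient stricter than the handshake-time level."""
    handshake = {None: "none"}  # vhost tag (None = main server) -> level
    per_dir = []                # (line_no, vhost tag, container tag, level)
    stack = []                  # open containers as (lowercased name, tag)
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if (m := CLOSE.fullmatch(line)):
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
        elif (m := OPEN.fullmatch(line)):
            stack.append((m.group(1).lower(), line))
        elif (m := DIRECTIVE.fullmatch(line)) and m.group(1).lower() in LEVELS:
            level = m.group(1).lower()
            vhost = next((t for n, t in stack if n == "virtualhost"), None)
            scoped = [t for n, t in stack if n in PER_DIR]
            if scoped:
                per_dir.append((no, vhost, scoped[-1], level))
            else:
                handshake[vhost] = level
    findings = []
    for no, vhost, tag, level in per_dir:
        base = handshake.get(vhost, handshake[None])
        if LEVELS[level] > LEVELS[base]:
            findings.append((no, tag, base, level))
    return findings


if __name__ == "__main__":
    print(find_renegotiation_triggers(CRASHING), find_renegotiation_triggers(WORKING))
```
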
