[Mono-devel-list] RE: [Mono-list] Accessing secure site: x509 + basic authentication

[Sebastien Pouliot]

Hello Oliver,

> > > I'm attempting to access a secured site using Mono, the site uses
> > > certification (https) and basic authentication.
> >
> > Are you using client-side certificates ? or only server-side ?
> > If you're using client-side (like your code seems to) then why
> do you need a
> > username/password ?
>
> It's a client-side certificate, the username and password is used for
> basic authentication which is also a requirement for the site.

Hmmm... uncommon configuration.

> > You only have to supply a certificate for client-side SSL
> authentication.
> > If this is the case then the code is incomplete for Mono - as
> Mono has no
> > way to "detect" the private key associated with the certificate.
>
> Ah, this would be the problem then.  Is there a work-around?

The internal classes (in Mono.Security.dll) can use client-side certificates
by using a delegate to select a private key. However we cannot reproduce
this in System.dll without breaking binary compatibility. Your best bet is
to
(a) detect the current runtime (Mono or MS);
(b) use reflection to get the internal class SslClientStream;
(c) plug your delegate;

Not cute. No warranty this will work in future release.

Fx 2.0 has better X.509 certificate support (e.g. it has a notion that a
private key is related to the certificate) so Mono should be able to support
client-side certificates with WebRequest in a cleaner (and uniform) way.

Sebastien