[Mono-devel-list] two questions about Mono.Security.dll

liubin liub at necas.nec.com.cn
Mon Jul 4 02:53:11 EDT 2005

Hello Sebastien,

> Hello Liu,
> > I am very interested in the SSL/TLS function of
> > Novell.Directory.Ldap.dll and
> > Mono.Security.dll. I have built the Novell CsharpLDAP's sample source
> > StartTLS.cs with mono1.1.8's Novell.Directory.Ldap.dll Mono.Security.dll
> > on Windows to do some test. And i found two problems about
> > Mono.Security.dll.
> >
> > <1.> The sample code can't work correctly. it always output 91
> > error like follows.
> > So i downloaded the Mono.Security.dll's source from
> > http://svn.myrealbox.com/viewcvs/trunk/mcs/class/Mono.Security/
> > to rebuild
> > the Mono.Security.dll. This sample code can work correctly with this
> > Mono.Security.dll. it seems that this problem was resolved in the
> > new sources.
> >
> > Will mono1.1.9 contain this change and when mono1.1.9 will be released ?
> Yes it should (i.e. unless it cause a regression elsewhere) be in 1.1.9 but
> it problably won't be in any 1.1.8.x micro releases.
> Could you provide more details about the problem you encountered ? That
> would help ensure the feature doesn't get broken later.
At first, i run starttls.exe and got the following errors.
 -2146762481 (CERT_E_CN_NO_MATCH)
Then i used certmgr to import the server Trusted Root Certificate, there was no
exceptions on this time, but I still got 91 error. So I downloaded the 
Mono.Security.dll's source looking for the reason. But the new source was OK.
So i didn't know where the problem is.

> Did you try any Mono release before 1.1.8 ? If so was it working ? (i.e. is
> it a regression ?)
I test it in 1.1.7 and 1.1.8, 1.1.7 has the same result with 1.1.8.

> The only fixed case I can think of is if you're using Active Directory
> (which requires optional mutual authentication to works).

My Directory server is NEC's Ldap software named as "Enterprise Directory Server".
I also test it on OpenLDAP server, and i got the following errors.
Error:Key cannot be null.
Parameter name: key
>From the log, we kown that the reason is that server didn't send 
responseName("") to the client. I think it should 
be OpenLDAP's problem.
And i have tried to modify the CsharpLDAP's source to ignored this error,
then the OpenLDAP server's result is same as "Enterprise Directory Server"'s:
Using Mono.Security 1.1.7 and 1.1.8, we always get 91 error on OpenLDAP server
and Enterprise Directory Server. But the new Mono.Security.dll is OK.

I didn't test it on Active Directory. Perhaps OpenLDAP and 
Enterprise Directory Server's problem is the same as Active Directory.
(But i am not sure, because i am not very familiar with SSL/TLS.)

Liu Bin
Email: liub at necas.nec.com.cn

More information about the Mono-devel-list mailing list