[Mono-devel-list] two questions about Mono.Security.dll

liubin liub at necas.nec.com.cn
Mon Jul 4 02:53:11 EDT 2005


Hello Sebastien,

> Hello Liu,
> 
> > I am very interested in the SSL/TLS function of
> > Novell.Directory.Ldap.dll and
> > Mono.Security.dll. I have built the Novell CsharpLDAP's sample source
> > StartTLS.cs with mono1.1.8's Novell.Directory.Ldap.dll Mono.Security.dll
> > on Windows to do some tests. And I found two problems with
> > Mono.Security.dll.
> >
> > <1.> The sample code can't work correctly. It always outputs a 91
> > error as follows.
> > So I downloaded the Mono.Security.dll's source from
> > http://svn.myrealbox.com/viewcvs/trunk/mcs/class/Mono.Security/
> > to rebuild
> > the Mono.Security.dll. This sample code can work correctly with this
> > Mono.Security.dll. It seems that this problem was resolved in the
> > new sources.
> >
> > Will mono1.1.9 contain this change, and when will mono1.1.9 be released?
> 
> Yes it should (i.e. unless it causes a regression elsewhere) be in 1.1.9 but
> it probably won't be in any 1.1.8.x micro releases.
> 
> Could you provide more details about the problem you encountered? That
> would help ensure the feature doesn't get broken later.
At first, I ran starttls.exe and got the following errors.
------------------------------------
 -2146762481 (CERT_E_CN_NO_MATCH)
 -2146762487 (CERT_E_UNTRUSTEDROOT)
 Error:91
------------------------------------
Then I used certmgr to import the server's Trusted Root Certificate. There were no
exceptions this time, but I still got the 91 error. So I downloaded the
Mono.Security.dll source to look for the reason. But the new source was OK,
so I don't know where the problem is.

> 
> Did you try any Mono release before 1.1.8? If so, was it working? (i.e. is
> it a regression?)
I tested it in 1.1.7 and 1.1.8; 1.1.7 has the same result as 1.1.8.

> 
> The only fixed case I can think of is if you're using Active Directory
> (which requires optional mutual authentication to work).

My directory server is NEC's LDAP software named "Enterprise Directory Server".
I also tested it on an OpenLDAP server, and I got the following errors.
------------------------------------
Error:Key cannot be null.
Parameter name: key
------------------------------------
From the log, we know that the reason is that the server didn't send
responseName("1.3.6.1.4.1.1466.20037") to the client. I think it should
be OpenLDAP's problem.
And I have tried to modify the CsharpLDAP source to ignore this error;
then the OpenLDAP server's result is the same as "Enterprise Directory Server"'s:
using Mono.Security 1.1.7 and 1.1.8, we always get the 91 error on the OpenLDAP server
and Enterprise Directory Server. But the new Mono.Security.dll is OK.

I didn't test it on Active Directory. Perhaps OpenLDAP's and
Enterprise Directory Server's problem is the same as Active Directory's.
(But I am not sure, because I am not very familiar with SSL/TLS.)

Regards
Liubin
---------------------------------------------------------------------------
Liu Bin
Email: liub at necas.nec.com.cn
---------------------------------------------------------------------------
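
Added example (not part of the original message, and not code from CsharpLDAP or Mono): a small Python decoder for the StartTLS ExtendedResponse discussed above. The LDAP ASN.1 (RFC 4511) declares responseName as OPTIONAL, so the decoder returns None for a missing name instead of using it as a lookup key, and still refuses a wrong OID, a non-success result, or a mismatched message ID before TLS is started. All function names and the sample messages are constructed for illustration.

```python
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_extended_response(msg):
    """Decode an LDAPMessage carrying an ExtendedResponse ([APPLICATION 24])."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(body, 0)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, code, pos = read_tlv(op, 0)        # resultCode
    _, _, pos = read_tlv(op, pos)         # matchedDN
    _, _, pos = read_tlv(op, pos)         # diagnosticMessage
    name = None                           # responseName [10] is OPTIONAL
    while pos < len(op):                  # skip referral / responseValue if present
        tag, val, pos = read_tlv(op, pos)
        if tag == 0x8A:
            name = val.decode("ascii")
    return int.from_bytes(msg_id, "big"), int.from_bytes(code, "big"), name

def starttls_accepted(msg, expected_id):
    """True only for success on our request; absent name tolerated, wrong name rejected."""
    msg_id, code, name = parse_extended_response(msg)
    return msg_id == expected_id and code == 0 and name in (None, STARTTLS_OID)

def tlv(tag, value=b""):                  # builder for the constructed samples (short lengths)
    return bytes([tag, len(value)]) + value

def sample(name=None, code=0, msg_id=1):  # constructed test message, not captured traffic
    op = tlv(0x0A, bytes([code])) + tlv(0x04) + tlv(0x04)
    if name is not None:
        op += tlv(0x8A, name.encode("ascii"))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x78, op))
```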



