[Mono-dev] HTTPS - MS .NET Client - Linux Mono Server - Interoperability

[Yngve Zackrisson]

Hi.

I (like Martin Hinks) have problems with the interoperability 
between a MS .NET HTTPS client and a Linux (Fedora Core 3) Mono server.
What I like to do is a HTTPS call from my MS .NET client to 
the Linux Mono server.


TEST1: mutual
-------------

My first test is based on the Mono mutual authentication example:

http://svn.myrealbox.com/source/trunk/mcs/class/Mono.Security/Test/tools/mutual/

The difference is that I create the certificates with openSSL 
and run the client on Win32 and MS .NET.

On my client I run: 

$ mutual.exe me292 TLS client16-cert.p12 xxxxxx

(where me292 is my server DNS and xxxxxx is the p12 password)

I then get: 

...
CertificateValidation
CERTIFICATE: 
    ....

    Error(s)
        #-2146762487 

Meaning untrusted root, for my server certificate.
I have created a trusted CA cert using openssl x509 with the -trustout
option. What is the problem?. Must I have the .p12 in the Windows store?



After the printout of:
...
PrivateKeySelection 
    ...

    PrivateKeySelection(1) 

no more happens on the client side.


On the server side I run:

$ openssl s_server -www -cert server16-cert.pem -key server16-key.pem
-verify client16-cert.pem -CAfile cacert16t.pem

and get: 

verify depth is 0
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
bad gethostbyaddr
depth=1 /C=SE/L=Stockholm/O=Test Company AB/OU=IT Department -
CA/CN=me292
validity return:1
depth=0 /C=SE/L=Sundsvall/O=Customer Company 16 AB/CN=Mirsad
validity return:1


AFAIK, A "Hello" should be written on the server.


TEST2: server
-------------

I have also made test with the Mono server example.

http://svn.myrealbox.com/source/trunk/mcs/class/Mono.Security/Test/tools/server/

Here I have had problems generating the private key of type .pvk.
In openssl there is an new option: 

openssl rsa -in server16-key.pem -pvk-strong -out
server16-key.strong.pvk
  "				 -pvk-weak    "	
  "				 -pvk-none    "

And I have tried all of them, But none have helped.


On the Mono server I run: 

$ mono --debug --verbose MonoSslHttpServer.exe 
 
I get a : 

System.Security.Cryptography.CryptographicException 

on the Mono server side in : 

(Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:.ctor (...)
Mono.Security.Protocol.Tls.Handshake.Server.TlsClientCertificate.ProcessAsTls1 () 

Can this exception occure due to that the created pvk-file format 
is not compatible with the makecert equalent?
Or can this be a result of some other thing?.


On the client side I now run on Linux the command: 

$ openssl s_client -connect 192.168.0.246:4433 -key
private/client16u-key.pem -cert client16u-cert.pem -CAfile cacert16t.pem
-state -msg

An I get the result (only the last part extracted): 

...
SSL_connect:SSLv3 write client key exchange A
>>> TLS 1.0 Handshake [length 0046], CertificateVerify
    0f 00 00 42 00 40 3c de b4 0f 64 47 38 d3 ce e5
    f8 24 58 de 2c b1 25 23 4d 9a dd b8 e1 56 de 33
    20 6f c7 86 c6 a0 08 b9 a4 47 45 62 99 47 d0 2a
    36 b2 76 1e 54 30 20 09 e6 6e 36 96 4c 2d b9 a5
    2a 80 20 a5 87 3d
SSL_connect:SSLv3 write certificate verify A
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
SSL_connect:SSLv3 write change cipher spec A
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 18 1c 7c a3 bf 98 d8 71 fb a3 cf 25
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
<<< TLS 1.0 Alert [length 0002], warning internal_error
    01 50
SSL3 alert read:warning:internal error
SSL_connect:error in SSLv3 read finished A
SSL_connect:error in SSLv3 read finished A
write:errno=104


Anyone that can help?
May my problems be because i use openssl?
Anyone that have done a working HTTPS call from a MS .NET client 
to a Linux Mono server before?.
FYI, On the client i run Microsoft Windows 2000, SP4 
(emulated with WMware workstation).



Regards  


Yngve Zackrisson.