[Mono-dev] HTTPS - MS .NET Client - Linux Mono Server - Interoperability

Yngve Zackrisson yngve.zackrisson at mobila-kontoret.se
Mon Sep 26 10:26:19 EDT 2005


I (like Martin Hinks) have problems with the interoperability 
between a MS .NET HTTPS client and a Linux (Fedora Core 3) Mono server.
What I like to do is a HTTPS call from my MS .NET client to 
the Linux Mono server.

TEST1: mutual

My first test is based on the Mono mutual authentication example:


The difference is that I create the certificates with openSSL 
and run the client on Win32 and MS .NET.

On my client I run: 

$ mutual.exe me292 TLS client16-cert.p12 xxxxxx

(where me292 is my server DNS and xxxxxx is the p12 password)

I then get: 



Meaning untrusted root, for my server certificate.
I have created a trusted CA cert using openssl x509 with the -trustout
option. What is the problem?. Must I have the .p12 in the Windows store?

After the printout of:


no more happens on the client side.

On the server side I run:

$ openssl s_server -www -cert server16-cert.pem -key server16-key.pem
-verify client16-cert.pem -CAfile cacert16t.pem

and get: 

verify depth is 0
Using default temp DH parameters
Using default temp ECDH parameters
bad gethostbyaddr
depth=1 /C=SE/L=Stockholm/O=Test Company AB/OU=IT Department -
validity return:1
depth=0 /C=SE/L=Sundsvall/O=Customer Company 16 AB/CN=Mirsad
validity return:1

AFAIK, A "Hello" should be written on the server.

TEST2: server

I have also made test with the Mono server example.


Here I have had problems generating the private key of type .pvk.
In openssl there is an new option: 

openssl rsa -in server16-key.pem -pvk-strong -out
  "				 -pvk-weak    "	
  "				 -pvk-none    "

And I have tried all of them, But none have helped.

On the Mono server I run: 

$ mono --debug --verbose MonoSslHttpServer.exe 
I get a : 


on the Mono server side in : 

(Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:.ctor (...)
Mono.Security.Protocol.Tls.Handshake.Server.TlsClientCertificate.ProcessAsTls1 () 

Can this exception occure due to that the created pvk-file format 
is not compatible with the makecert equalent?
Or can this be a result of some other thing?.

On the client side I now run on Linux the command: 

$ openssl s_client -connect -key
private/client16u-key.pem -cert client16u-cert.pem -CAfile cacert16t.pem
-state -msg

An I get the result (only the last part extracted): 

SSL_connect:SSLv3 write client key exchange A
>>> TLS 1.0 Handshake [length 0046], CertificateVerify
    0f 00 00 42 00 40 3c de b4 0f 64 47 38 d3 ce e5
    f8 24 58 de 2c b1 25 23 4d 9a dd b8 e1 56 de 33
    20 6f c7 86 c6 a0 08 b9 a4 47 45 62 99 47 d0 2a
    36 b2 76 1e 54 30 20 09 e6 6e 36 96 4c 2d b9 a5
    2a 80 20 a5 87 3d
SSL_connect:SSLv3 write certificate verify A
>>> TLS 1.0 ChangeCipherSpec [length 0001]
SSL_connect:SSLv3 write change cipher spec A
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 18 1c 7c a3 bf 98 d8 71 fb a3 cf 25
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
<<< TLS 1.0 Alert [length 0002], warning internal_error
    01 50
SSL3 alert read:warning:internal error
SSL_connect:error in SSLv3 read finished A
SSL_connect:error in SSLv3 read finished A

Anyone that can help?
May my problems be because i use openssl?
Anyone that have done a working HTTPS call from a MS .NET client 
to a Linux Mono server before?.
FYI, On the client i run Microsoft Windows 2000, SP4 
(emulated with WMware workstation).


Yngve Zackrisson.

More information about the Mono-devel-list mailing list