[Mono-dev] Problem with CA sending certified emails

APS dev.malst at apsystems.it
Tue Jun 22 11:33:49 EDT 2010 

Hello,

I tried to import the root certificate in 'Trust' store instead of 
'CA' using certmgr (certmgr --add -c -m Trust certca.crt).

The error seems to be different: there isn't the 
RemoteCertificateChainErrors, but there is still the 
RemoteCertificateNotAvailable message.

This is the error stack:

System.Net.Mail.SmtpException: Message could not be sent. ---> 
System.IO.IOException: The authentication or decryption has failed. 
---> System.InvalidOperationException: SSL authentication error: 
RemoteCertificateNotAvailable at System.Net.Mail.SmtpClient.m__3 
(System.Object sender, 
System.Security.Cryptography.X509Certificates.X509Certificate 
certificate, System.Security.Cryptography.X509Certificates.X509Chain 
chain, SslPolicyErrors sslPolicyErrors) [0x00000] in :0 at 
System.Net.Security.SslStream+c__AnonStorey7.<>m__9 
(System.Security.Cryptography.X509Certificates.X509Certificate cert, 
System.Int32[] certErrors) [0x00000] in :0 at 
Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation 
(System.Security.Cryptography.X509Certificates.X509Certificate 
certificate, System.Int32[] errors) [0x00000] in :0 at 
Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation 
(System.Security.Cryptography.X509Certificates.X509Certificate 
certificate, System.Int32[] errors) [0x00000] in :0 at 
Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation 
(System.Security.Cryptography.X509Certificates.X509Certificate 
certificate, System.Int32[] certificateErrors) [0x00000] in :0 at 
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates 
(Mono.Security.X509.X509CertificateCollection certificates) [0x00000] 
in :0 at 
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 
() [0x00000] in :0 at 
Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () 
[0x00000] in :0 at (wrapper remoting-invoke-with-check) 
Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process () at 
Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage 
(Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in :0 at 
Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback 
(IAsyncResult asyncResult) [0x00000] in :0 --- End of inner exception 
stack trace --- at 
Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback 
(IAsyncResult asyncResult) [0x00000] in :0 --- End of inner exception 
stack trace --- at System.Net.Mail.SmtpClient.Send 
(System.Net.Mail.MailMessage message) [0x00000] in :0


At 13.49 22/06/2010, Sebastien Pouliot wrote:
>Hello,
>
>Installing CA certificate(s) won't create a trust relationship. For this
>you need to install the root certificate in the Trust store (that's what
>mozroots does, but that's not what you're doing with certmgr).
>
>Make sure you get the root certificate (generally the one that is
>signing the CA certificate) and use 'Trust' instead of 'CA' with
>certmgr.
>
>Sebastien
>
>On Mon, 2010-06-21 at 17:22 +0200, APS wrote:
> > I forgot to say that I'm using Mono 2.6.4 VM and it works for google
> > but not for another provider (Actalis).
> >
> > At 17.09 21/06/2010, you wrote:
> > >Hello,
> > >
> > >I tried replacing the Mono.Security.dll file with the one from 2.6, it
> > >didn't work for me:
> > >http://stackoverflow.com/questions/2884290/ssl-authentication-err 
> or-remotecertificatechainerrors-on-asp-net-on-ubuntu
> > >
> > >I tried having a parallel installation of 2.6, and redirecting
> > >mod_mono to use the new one, it didn't work for me:
> > >http://lists.ximian.com/pipermail/mono-aspnet-list/2010-March/000668.html
> > >
> > >My next attempt is to use http://badgerports.org/ to upgrade the whole
> > >thing to 2.6. My current workaround is to use:
> > >http://ubuntu-tutorials.com/2008/11/11/relaying-postfix-smtp-via- 
> smtpgmailcom/
> > >and send mail to localhost.
> > >
> > >
> > >Joe
> > >
> > > > Message: 3
> > > > Date: Mon, 21 Jun 2010 11:52:38 +0200
> > > > From: APS <dev.malst at apsystems.it>
> > > > Subject: [Mono-dev] Problem with CA sending certified emails
> > > > To: mono-devel-list at lists.ximian.com
> > > > Message-ID: <MAILSERVERDIfWb4SaF00000580 at mail.apsystems.it>
> > > > Content-Type: text/plain; charset="us-ascii"
> > > >
> > > > Hi everyone,
> > > >
> > > > I need your help cause I've problems sending certified mail with mono
> > > > and a specific provider.
> > > > I tried with gmail as explained in
> > > >
> > > 
> <http://www.mono-project.com/FAQ:_Security#Does_SSL_works_for_SMTP.2C_like_GMail_.3F>http://www.mono-project.com/FAQ:_Security#Does_SSL_works_for_SMTP.2C_like_GMail_.3F
> > > > and it works.
> > > > Using same code with another local email provider also works.
> > > > Using same code with a third email provider in windows I have to
> > > > manually install the CA certificate, if I do that in local computer
> > > > store I'm able to send certified mails.
> > > > In mono I installed the CA certificate using
> > > >
> > > > certmgr --add -c -m CA /tmp/certca.crt
> > > >
> > > > but sending mails I receive the following error, if I launch
> > > >
> > > > certmgr -list -c -m CA
> > > >
> > > > I see the gmail certificate and my new certificate, what I'm 
> doing wrong?
> > > >
> > > > Here is the error.
> > > >
> > > > System.Net.Mail.SmtpException: Message could not be sent. --->
> > > > System.IO.IOException: The authentication or decryption has failed.
> > > > ---> System.InvalidOperationException: SSL authentication error:
> > > > RemoteCertificateNotAvailable, RemoteCertificateChainErrors
> > > >   at System.Net.Mail.SmtpClient.<callback>m__3 (System.Object
> > > > sender, System.Security.Cryptography.X509Certificates.X509Certificate
> > > > certificate, System.Security.Cryptography.X509Certificates.X509Chain
> > > > chain, SslPolicyErrors sslPolicyErrors) [0x00000] in 
> <filename unknown>:0
> > > >   at
> > > >
> > > 
> System.Net.Security.SslStream+<BeginAuthenticateAsClient>c__AnonStorey7.<>m__9
> > > > (System.Security.Cryptography.X509Certificates.X509Certificate cert,
> > > > System.Int32[] certErrors) [0x00000] in <filename unknown>:0
> > > >   at
> > > > 
> Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation
> > > > (System.Security.Cryptography.X509Certificates.X509Certificate
> > > > certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
> > > >   at
> > > > 
> Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation
> > > > (System.Security.Cryptography.X509Certificates.X509Certificate
> > > > certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
> > > >   at
> > > > 
> Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation
> > > > (System.Security.Cryptography.X509Certificates.X509Certificate
> > > > certificate, System.Int32[] certificateErrors) [0x00000] in <filename
> > > > unknown>:0
> > > >   at
> > > >
> > > 
> Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
> > > > (Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
> > > > in <filename unknown>:0
> > > >   at
> > > >
> > > 
> Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
> > > > () [0x00000] in <filename unknown>:0
> > > >   at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process
> > > > () [0x00000] in <filename unknown>:0
> > > >   at (wrapper remoting-invoke-with-check)
> > > > Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
> > > >   at
> > > > Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
> > > > (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename
> > > > unknown>:0
> > > >   at
> > > > Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
> > > > (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
> > > >   --- End of inner exception stack trace ---
> > > >   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
> > > > (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
> > > >   --- End of inner exception stack trace ---
> > > >   at System.Net.Mail.SmtpClient.Send (System.Net.Mail.MailMessage
> > > > message) [0x00000] in <filename unknown>:0
> > > > -------------- next part --------------
> > > > An HTML attachment was scrubbed...
> > > > URL:
> > > 
> http://lists.ximian.com/pipermail/mono-devel-list/attachments/20100621/ff8290df/attachment-0001.html
> > > >
> > >_______________________________________________
> > >Mono-devel-list mailing list
> > >Mono-devel-list at lists.ximian.com
> > >http://lists.ximian.com/mailman/listinfo/mono-devel-list
> > >
> > >--
> > >Il messaggio e' stato analizzato alla ricerca di virus o
> > >contenuti pericolosi da MailScanner, ed e'
> > >risultato non infetto.
> >
> >
> > _______________________________________________
> > Mono-devel-list mailing list
> > Mono-devel-list at lists.ximian.com
> > http://lists.ximian.com/mailman/listinfo/mono-devel-list
>
>
>
>--
>Il messaggio e' stato analizzato alla ricerca di virus o
>contenuti pericolosi da MailScanner, ed e'
>risultato non infetto.

More information about the Mono-devel-list mailing list