[Mono-dev] Open source .Net, and TLS 1.1 & 1.2
Miguel de Icaza
miguel at xamarin.com
Tue Dec 9 21:09:57 UTC 2014
We would love a test case to add to the test suite.
We are building a new test suite as part of this work anyways.
On Tue, Dec 9, 2014 at 3:21 PM, Edward Ned Harvey (mono) <edward.harvey.mono at clevertrove.com> wrote:
> > From: Miguel de Icaza [mailto:miguel at xamarin.com]
> > .NET's implementation of the TLS stack is built on top of native code,
> > so it won't work on Mono.
> > We have implemented TLS 1.1 and 1.2 on top of the not yet open sourced
> > networking stack and will be publishing it as soon as Microsoft opens
> > the .NET networking stack.
> Great news, thank you! A follow-up question:
> In the current released version of mono SslStream, if the server uses a
> cert that is signed by an intermediate chain, *and* a mono SslStream client
> connects, then the client rejects the cert. The root cause is because the
> server does not send the intermediate chain to the client, and the client
> fails to construct the chain. The behavior is specifically a mono-mono
> incompatibility - If either the server or the client is .Net, then the
> problem does not occur, because a windows server sends the chain to the
> client, and a windows client performs guerrilla tactics to construct an
> incomplete chain.
> So the question is, how could it be possible to add a test for this
> behavior, presuming it will some day get fixed and then we don't want it to
> happen again?
> I can easily enough write example code to demonstrate the problem. But
> then there's a question about what cert to use for demonstration purposes -
> it's probably best to create a junk CA with intermediate cert, and some
> junk server cert. I could easily enough publish those certs somewhere
> and/or hard-code them into the demonstration code, with something like 30
> year validity.
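
A constructed fixture for the regression test discussed in this thread, as an added example that is not code from either poster or from Mono: it uses the `openssl` CLI to build a junk root, intermediate and server certificate, then checks that a verifier trusting only the root rejects the leaf unless the intermediate is supplied alongside it. All subject names and file names are assumptions made for the example.

```shell
#!/bin/sh
# Constructed throwaway PKI for a regression test: root -> intermediate -> leaf.
# Every name here (Junk Root CA, test.invalid, file names) is made up.

# new_csr DIR NAME SUBJECT: fresh RSA key plus CSR
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_chain DIR: writes root.pem, int.pem and leaf.pem into DIR
make_chain() {
    d=$1; days=10950                     # about 30 years, as proposed in the thread
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:test.invalid\n' > "$d/leaf.ext"
    new_csr "$d" root "/CN=Junk Root CA" &&
    new_csr "$d" int  "/CN=Junk Intermediate CA" &&
    new_csr "$d" leaf "/CN=test.invalid" &&
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -sha256 -days $days \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
        -sha256 -days $days -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -set_serial 3 \
        -sha256 -days $days -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# chain_ok DIR [SENT_PEM]: succeeds if leaf.pem chains to root.pem using only
# the certificates the server "sent" (SENT_PEM, passed as -untrusted).
chain_ok() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem"
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"
    fi 2>/dev/null | grep -q ': OK$'
}

demo() {
    tmp=$(mktemp -d) && make_chain "$tmp" || return 1
    chain_ok "$tmp" && echo "leaf only: accepted" || echo "leaf only: rejected"
    chain_ok "$tmp" "$tmp/int.pem" && echo "leaf + intermediate: accepted" \
                                   || echo "leaf + intermediate: rejected"
    rm -rf "$tmp"
}
demo
```

The `-untrusted` file stands in for the certificates a server includes in its handshake; a test for the SslStream behaviour would assert that the server side sends `int.pem` along with `leaf.pem`.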