[Mono-dev] Bug with Ssl cert validation
Edward Ned Harvey (mono)
edward.harvey.mono at clevertrove.com
Tue Mar 18 02:43:23 UTC 2014
This *has* to be a bug in mono. I repeated this problem with mono 3.2.7 (the standard distribution MDK) on mac osx Mavericks fully updated, and 3.2.8 on linux, built from source. No problem on windows. (Win 8.1 Pro fully updated)
On mac and linux, I am aware that there are no trusted root CAs by default. So I ran "mozroots --import --sync" and repeated - still got the same problem - and I tried "sudo mozroots --import --sync --machine" and once again confirmed the same problem. I confirmed that the mozilla root CAs were downloaded and installed to ~/.config/.mono/certs/Trust/ and /usr/share/.mono/certs/Trust/, but still the behavior remains unchanged. Problem on both mac & linux.
Sample code below. When run on mono, throws "System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server."
Does not throw exception on windows.
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Net.Sockets;
    using System.Security.Authentication;
    using System.Security.Cryptography.X509Certificates;
    class Program {
        public static void Main (string[] args) {
            try {
                string targetHost = "verisign.com"; // pick a site, any site. https server
                IPAddress[] addresses = Dns.GetHostAddresses (targetHost);
                var client = new TcpClient ();
                client.Connect (addresses, 443);
                var mySslStream = new SslStream (client.GetStream(), false, ValidateServerCertificate);
                mySslStream.AuthenticateAsClient (targetHost, null, SslProtocols.Tls, false);
            } catch (Exception e) {
                System.Console.WriteLine ("Failed: \n"+e.ToString());
            }
        }
        private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
            System.Console.WriteLine (sslPolicyErrors.ToString ()); // show which policy errors were reported
            return (sslPolicyErrors == SslPolicyErrors.None); // accept only a certificate with no errors
        }
    }
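An added diagnostic variant of the callback above (not part of the original post): it reports which SslPolicyErrors flags are set and the status of each chain element, and still rejects the certificate on any error. The names TlsDiag, Describe and Validate are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class TlsDiag   // hypothetical name, not from the post
{
    // Turn the callback arguments into a readable report.
    public static string Describe (SslPolicyErrors errors, X509Chain chain)
    {
        var sb = new StringBuilder ();
        foreach (SslPolicyErrors flag in Enum.GetValues (typeof (SslPolicyErrors)))
            if (flag != SslPolicyErrors.None && (errors & flag) == flag)
                sb.AppendLine ("policy error: " + flag);
        if (chain == null)
            return sb.AppendLine ("no chain supplied").ToString ();
        foreach (X509ChainElement el in chain.ChainElements) {
            sb.AppendLine ("element: " + el.Certificate.Subject + " <- " + el.Certificate.Issuer);
            foreach (X509ChainStatus st in el.ChainElementStatus)
                sb.AppendLine ("  " + st.Status + ": " + (st.StatusInformation ?? "").Trim ());
        }
        return sb.ToString ();
    }

    // Logs the reason, then rejects exactly as the callback in the post does.
    static bool Validate (object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.Write (Describe (errors, chain));
        return errors == SslPolicyErrors.None;
    }

    public static void Main (string[] args)
    {
        // Constructed input: two flags set, no chain; runs without a network.
        Console.Write (Describe (SslPolicyErrors.RemoteCertificateChainErrors |
                                 SslPolicyErrors.RemoteCertificateNameMismatch, null));
        if (args.Length == 0) return;   // pass a host name to test a live server
        using (var client = new TcpClient (args[0], 443))
        using (var ssl = new SslStream (client.GetStream (), false, Validate)) {
            try {
                // Same call as the post (SslProtocols.Tls is TLS 1.0).
                ssl.AuthenticateAsClient (args[0], null, SslProtocols.Tls, false);
                Console.WriteLine ("handshake ok");
            } catch (Exception e) {
                Console.WriteLine ("Failed: " + e.Message);
            }
        }
    }
}
```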