[Mono-dev] Bug with Ssl cert validation

Bryan Crotaz bryan.crotaz at silvercurve.co.uk
Tue Mar 18 11:57:18 UTC 2014


I'd love to contribute, but I have now spent several days trying and
failing to compile Mono for Visual Studio so that I can fix bugs in the C#
libraries.  If someone could write a VS2010 solution that can be used to
debug Mono, that would help hundreds of devs like me who just want to fix
their favourite bug.


On 18 March 2014 11:52, Sebastien Pouliot <sebastien.pouliot at gmail.com>wrote:

> On Tue, Mar 18, 2014 at 6:33 AM, Edward Ned Harvey (mono) <
> edward.harvey.mono at clevertrove.com> wrote:
>
>> > From: Sebastien Pouliot [mailto:sebastien.pouliot at gmail.com]
>> >
>> >>                         var mySslStream = new SslStream
>> (client.GetStream(), false,
>> >> ValidateServerCertificate);
>> >
>> > if you read the source [1] (or look at the API compatibility page [2])
>> you'll see
>> > that this .ctor is decorated with
>> >
>> >
>> [MonoTODO ("userCertificateValidationCallback is not passed X509Chain and
>> > SslPolicyErrors correctly")]
>> >
>> > Changing it to
>> >
>> > var mySslStream = new SslStream (client.GetStream(), false);
>> >
>> > *and* having run `mozroots` will work.
>>
>> Thank you for this information, but it causes me an equally significant
>> problem.  I need to accept the server cert if it passes validation with
>> mozroots, but if that fails, then I need to get user input to determine if
>> they'll accept the cert.
>>
>> I guess the best way to do this will be to first create the SslStream and
>> AuthenticateAsClient, and  simply wait to see if it succeeds.  If it fails,
>> then throw it away, create a new SslStream with
>> RemoteCertificateValidationCallback, and ignore the X509Chain and
>>  SslPolicyErrors, just simply present the certificate to user.
>>
>> Any better ideas?
>>
>
> Contribute! :-)
>
>
>>
>> Thanks again, for your very prompt and helpful response.   :-)
>>
>
>
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
>
>


-- 
Bryan Crotaz
Managing Director
Silver Curve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20140318/ee048278/attachment.html>


More information about the Mono-devel-list mailing list