[Mono-dev] cert-sync
Alexander Köplinger
alex.koeplinger at outlook.com
Thu Jan 22 13:19:33 UTC 2015
I don't have those directories. I just tried a small program with SslStream.AuthenticateAsClient() and it indeed fails with the familiar "IOException: The authentication or decryption has failed". After running mozroots this starts working.
Most libraries rely on WebClient/HttpWebRequest under the hood so I guess that's why most users never ran into this on OSX. I wonder what the difference is to SslStream.
-- Alex
> From: edward.harvey.mono at clevertrove.com
> To: alex.koeplinger at outlook.com; mono-devel-list at lists.ximian.com
> Subject: RE: [Mono-dev] cert-sync
> Date: Thu, 22 Jan 2015 12:34:18 +0000
>
> > From: Alexander Köplinger [mailto:alex.koeplinger at outlook.com]
> > Sent: Thursday, January 22, 2015 7:16 AM
> >
> > I just tested as well and was able to run a simple new
> > WebClient().DownloadString("https://www.google.com"); without issues
> > after a fresh install of the Mono MDK on OSX, so I'm not sure why it only
> > works after running mozroots for you?
>
> Interesting. Have a look in these directories:
> ~/.config/.mono/certs/Trust
> /usr/share/.mono/certs/Trust
>
> If you have stuff there, it must have been populated by mozroots, or something. I understand that the latest packages distributed by mono repositories have automated cert-sync in linux during package installation, but that's not yet present on OSX. So on OSX, mozroots or something is necessary to populate the root Trust.
>
> If you don't have those directories - or if they're empty - it will raise new questions about differences between WebClient().DownloadString() versus SslStream.AuthenticateAsClient(). I am using the latter, on mono 3.12 MRE for OSX.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20150122/68f5065a/attachment.html>
More information about the Mono-devel-list
mailing list