[Mono-dev] cert-sync

Alexander Köplinger alex.koeplinger at outlook.com
Thu Jan 22 13:19:33 UTC 2015


I don't have those directories. I just tried a small program with SslStream.AuthenticateAsClient() and it indeed fails with the familiar "IOException: The authentication or decryption has failed". After running mozroots this starts working.
 
Most libraries rely on WebClient/HttpWebRequest under the hood so I guess that's why most users never ran into this on OSX. I wonder what the difference is to SslStream.
-- Alex
 
> From: edward.harvey.mono at clevertrove.com
> To: alex.koeplinger at outlook.com; mono-devel-list at lists.ximian.com
> Subject: RE: [Mono-dev] cert-sync
> Date: Thu, 22 Jan 2015 12:34:18 +0000
> 
> > From: Alexander Köplinger [mailto:alex.koeplinger at outlook.com]
> > Sent: Thursday, January 22, 2015 7:16 AM
> > 
> > I just tested as well and was able to run a simple new
> > WebClient().DownloadString("https://www.google.com");  without issues
> > after a fresh install of the Mono MDK on OSX, so I'm not sure why it only
> > works after running mozroots for you?
> 
> Interesting.  Have a look in these directories:
> 	~/.config/.mono/certs/Trust
> 	/usr/share/.mono/certs/Trust
> 
> If you have stuff there, it must have been populated by mozroots, or something.  I understand that the latest packages distributed by mono repositories have automated cert-sync in Linux during package installation, but that's not yet present on OSX.  So on OSX, mozroots or something is necessary to populate the root Trust.
> 
> If you don't have those directories - or if they're empty - it will raise new questions about differences between WebClient().DownloadString() versus SslStream.AuthenticateAsClient().  I am using the latter, on mono 3.12 MRE for OSX.
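
As an added example (not part of the thread or of Mono's own tooling), the directory check suggested above can be scripted to report whether each trust store is missing, empty or populated. It assumes trusted roots are stored as `*.cer` files directly inside each Trust directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the state of Mono's certificate trust stores.
# Assumption: trusted roots are *.cer files directly inside each directory.

# trust_dir_state DIR -> prints "missing", "empty" or "populated:<count>"
trust_dir_state() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing"
        return 0
    fi
    # Count only regular *.cer files at the top level of the store.
    count=$(find "$dir" -maxdepth 1 -type f -name '*.cer' | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "empty"
    else
        echo "populated:$count"
    fi
}

# trust_store_report DIR... -> one "<state><TAB><dir>" line per directory.
# Returns 0 if at least one directory is populated, 1 otherwise.
trust_store_report() {
    found=1
    for d in "$@"; do
        state=$(trust_dir_state "$d")
        printf '%s\t%s\n' "$state" "$d"
        case $state in
            populated:*) found=0 ;;
        esac
    done
    return $found
}

# Check the per-user and machine-wide directories named in the thread.
check_mono_trust() {
    trust_store_report "$HOME/.config/.mono/certs/Trust" \
                       "/usr/share/.mono/certs/Trust"
}
```

Source the file and call `check_mono_trust`; a non-zero status means neither store holds any roots, which matches the situation where `SslStream.AuthenticateAsClient()` failed until mozroots was run.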
 		 	   		  