[Mono-dev] NullReferenceException in Mono.Security.X509.X509Certificate.Hash and IsSelfSigned

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Thu May 28 16:31:55 UTC 2015

Recently, I'm encountering a problem where Mozroots is throwing NullReferenceException. I am working on a reproducible example, but until then, I'd like to revisit this issue:

First, here is reproduction code that shows the mac client requires mozroots to be run. This code throws exception on a pristine mac, but succeeds after mozroots has been run:

const string hostname = "google.com";
const int PortNumber = 443;
TcpClient client = new TcpClient();
client.Connect(hostname, PortNumber);
using (var mySslStream = new SslStream (client.GetStream (), leaveInnerStreamOpen: false)) {
    mySslStream.AuthenticateAsClient (targetHost: hostname, clientCertificates: null, enabledSslProtocols: SslProtocols.Tls, checkCertificateRevocation: false);

Given that the above throws exception, I'd like to ask, are there plans to make the SslStream client on mac utilize the system keychain, and if so, how soon might we expect it? The way things are now, we have to bundle a copy of Mozroots in our app, and programmatically call it. I would love to eliminate the need for this.

Right now, MozRoots is throwing the NullReferenceException on this line:
                if (!trusted.Contains (root)) {

When I debug and step through, I can see "root" is a Mono.Security.X509.X509Certificate, where Hash and IsSelfSigned both throw NullReferenceException if they're accessed.

System.NullReferenceException: Object reference not set to an instance of an object
  at Mono.Security.X509.X509Certificate.get_Hash () [0x00057] in /private/tmp/source-mono-mac-4.0.0-branch/bockbuild-mono-4.0.0-branch/profiles/mono-mac-xamarin/build-root/mono-4.0.0/mcs/class/Mono.Security/Mono.Security.X509/X509Certificate.cs:301
  at Mono.Security.X509.X509CertificateCollection.IndexOf (Mono.Security.X509.X509Certificate value) [0x00011] in /private/tmp/source-mono-mac-4.0.0-branch/bockbuild-mono-4.0.0-branch/profiles/mono-mac-xamarin/build-root/mono-4.0.0/mcs/class/Mono.Security/Mono.Security.X509/X509CertificateCollection.cs:123
  at Mono.Security.X509.X509CertificateCollection.Contains (Mono.Security.X509.X509Certificate value) [0x00000] in /private/tmp/source-mono-mac-4.0.0-branch/bockbuild-mono-4.0.0-branch/profiles/mono-mac-xamarin/build-root/mono-4.0.0/mcs/class/Mono.Security/Mono.Security.X509/X509CertificateCollection.cs:95

For reasons that I don't yet understand, this exception occurs when we call the MozRoots class in our app, but does not occur when I run "mozroots" command on the Terminal. So I'm still figuring this out and have not yet got example code to reproduce the issue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20150528/b598cbb8/attachment.html>

More information about the Mono-devel-list mailing list