[Mono-dev] TLS 1.2 Client Certificate Authentication

Mirco Bauer meebey at meebey.net
Thu Aug 3 09:02:28 UTC 2017


since I had troubles with getting client certificate auth to work, I wonder
if you have the same issue. Have you implemented the certificate selection?
Otherwise it will not send the certificate, see:

Best regards,

Mirco (meebey) Bauer

FOSS Hacker             meebey at meebey.net  https://www.meebey.net/
Debian Developer        meebey at debian.org  http://www.debian.org/
GNOME Foundation Member mmmbauer at gnome.org http://www.gnome.org/
CTO @ Gatecoin Ltd.     mirco at gatecoin.com https://gatecoin.com/
.NET Foundation Advisory Council Member    http://www.dotnetfoundation.org/
PGP-Key ID              0x7127E5ABEEF946C8 https://meebey.net/pubkey.asc

On Thu, Jul 27, 2017 at 8:50 PM, ashr <ashr at ashr.net> wrote:

> Hi guys,
> I've been trying to connect to a threat repository to suck intel feeds
> down with Mono. The interface use a client certificate and basic auth to
> validate the connection.
> I've played with mono versions from the version that comes with Xenial,
> all the way through to Mono JIT compiler version The furthest
> I've come was on the latest version, I can see it at least tries to speak TLS
> 1.2, but something goes wrong before the Client Key Exchange, (so I'm  guessing
> the Server Key exchange fails, wild guess from wireshark caps, I'm not an
> expert in SSL handshakes).
> This is the code I'm using to set this connection up:*https://pastebin.com/Ei3bsjdF
> <https://pastebin.com/Ei3bsjdF>*
> * The MyRemoteCertificateValidationCallback validates the server cert
> without error and Mono seems to add the client certificate to the request
> just fine as well.
> A paste with the error that occurs during runtime (SecureChannelFailure
> (Syscall)): *https://pastebin.com/sUXQf9KF
> <https://pastebin.com/sUXQf9KF>*
> Screenshot of wireshark cap of the connection process: *https://imagebin.ca/v/3UjPy99nEI94
> <https://imagebin.ca/v/3UjPy99nEI94>*
> Screenshot of a wireshark cap of a working connection through python
> (Using the same client side certificate connecting to same backend): *https://imagebin.ca/v/3UjQdz43jKSQ
> <https://imagebin.ca/v/3UjQdz43jKSQ>*
> When I get some time tonight and during the weekend, I'll try set up a
> server with client side auth and test it locally as well, but if any of you
> gurus have an idea of what is going wrong or how to troubleshoot further,
> please let me know ?
> Many thanks
> ash
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.dot.net
> http://lists.dot.net/mailman/listinfo/mono-devel-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dot.net/pipermail/mono-devel-list/attachments/20170803/0f99a979/attachment.html>

More information about the Mono-devel-list mailing list