[Mono-list] Re: Mono.Security

Sébastien Pouliot spouliot@videotron.ca
Mon, 15 Dec 2003 09:04:37 -0500


Sunil,

>>c.	Linux, Mono runtime/class library

Ok, I got 0.29 working on RH9 - it may not be 100% CVS as it required some
tweaking to recover but close enough.

The good/bad news is that mono doesn't seem to have any problem parsing
your certificate.

Carlos, are you able to reproduce the bug using the two files?


Sebastien Pouliot
Security Architect, Motus Technologies, http://www.motus.com
work: spouliot@motus.com
home: spouliot@videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html


-----Original Message-----
From: mono-list-admin@lists.ximian.com
[mailto:mono-list-admin@lists.ximian.com]On Behalf Of Sébastien Pouliot
Sent: 15 décembre 2003 07:58
To: Sunil Kumar
Cc: mono-list@lists.ximian.com
Subject: RE: [Mono-list] Re: Mono.Security


Sunil,

>>>b.	Windows, Mono runtime/class library
>Since I haven't configured Mono on a windows box, I wasn't able to complete this scenario.

That works for me using mono 0.28.

I guess it's time I try to repair my RH9 setup (or re-install).

Sebastien Pouliot
Security Architect, Motus Technologies, http://www.motus.com
work: spouliot@motus.com
home: spouliot@videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html


-----Original Message-----
From: Sunil Kumar [mailto:Sunilk@novell.com]
Sent: 12 décembre 2003 06:29
To: carlosga@telefonica.net; spouliot@videotron.ca
Cc: mono-list@lists.ximian.com; Parameswaran S
Subject: RE: [Mono-list] Re: Mono.Security


Sebastien,
  I wasn't able to file a bug report since we have some problem with HTTP
services here right now. I am attaching all the details with this mail only.

>>a.	Windows, MS.NET runtime/class library
I got the following result after running the test program:

CERTIFICATE:
        Format:  X509
        Name:  OU=Organizational CA, O=SUNILK-TREE
        Issuing CA:  OU=Organizational CA, O=SUNILK-TREE
        Key Algorithm:  1.2.840.113549.1.1.1
        Serial Number:
27120202EBE69CCC8556EA84716043D2F8CC2981B8B2A54D75094975
EAD0EC111C02
        Key Alogrithm Parameters:  0500
        Public Key:

>>b.	Windows, Mono runtime/class library
Since I haven't configured Mono on a windows box, I wasn't able to complete
this scenario.

>>c.	Linux, Mono runtime/class library
I got the following result after running the test program:

Unhandled Exception: System.Security.Cryptography.CryptographicException: Input data cannot be coded as a valid certificate.
#0: 0x00349 throw      in Mono.Security.X509.X509Certificate::Parse ([O:0x81b3aa0] )
#1: 0x0000e callvirt   in Mono.Security.X509.X509Certificate::.ctor ([O:0x81b3aa0] )
#2: 0x0000e newobj     in System.Security.Cryptography.X509Certificates.X509Certificate::.ctor ([O:0x81b3aa0] [1] )
#3: 0x00003 call       in System.Security.Cryptography.X509Certificates.X509Certificate::.ctor ([O:0x81b3aa0] )
#4: 0x00030 newobj     in System.Security.Cryptography.X509Certificates.X509Certificate::CreateFromCertFile ([O:0x81abe70] )
#5: 0x00003 call       in .X509CertTester::Main ([O:0x8146f78] )



I have attached the Test program and certificate with this mail.


Regards,
Sunil




>>> Sébastien Pouliot <spouliot@videotron.ca> 12/11/2003 7:20:33 PM >>>
Sunil,

Ok it's getting stranger. I seem to be in sync with CVS and can't duplicate the
problem with the 2 "candidate" certificates I got (the one from
https://www.nldap.com and the one that Carlos sent me).

Can you try, with your certificate, the following code ...

using System;
using System.Security.Cryptography.X509Certificates;

class X509Tester {
	[STAThread]
	static void Main (string[] args)
	{
		X509Certificate x = X509Certificate.CreateFromCertFile (args[0]);
		Console.WriteLine (x.ToString (true));
	}
}

... on
a.	Windows, MS.NET runtime/class library
b.	Windows, Mono runtime/class library
c.	Linux, Mono runtime/class library

and file a bug report with the results and the certificate used. I'll look
into this ASAP.
Thanks

Sebastien Pouliot
Security Architect, Motus Technologies, http://www.motus.com
work: spouliot@motus.com
home: spouliot@videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html


-----Original Message-----
From: mono-list-admin@lists.ximian.com
[mailto:mono-list-admin@lists.ximian.com]On Behalf Of Sunil Kumar
Sent: 11 décembre 2003 00:22
To: Matt Ryan; carlosga@telefonica.net
Cc: mono-list@lists.ximian.com; Parameswaran S
Subject: Re: [Mono-list] Re: Mono.Security


Looks like there is some problem with Mono's
System.Security.Cryptography.X509Certificates.X509Certificate class.
I tried to create a certificate object using the CreateFromCertFile method and an
ASN1 DER encoded certificate file, but it's throwing an exception. I did the same
thing on Windows using MS .NET with the same certificate file and it's
working. Below is the code snippet:

try {
        X509Certificate cert = X509Certificate.CreateFromCertFile(certfile);
} catch (Exception e) {
        Console.WriteLine("Error:" + e.Message);
        return;
}

On Linux it throws the following exception:
Error: Input data cannot be coded as a valid certificate.

Regards
Sunil.

>>> Carlos Guzmán Álvarez <carlosga@telefonica.net> 12/9/2003 9:56:53 PM >>>
Hello:

> There is also an internet-accessible eDirectory server that (I'm told)
> anyone can use for testing purposes, at http://www.ndlap.com.

Thanks very much.

I have made a little test trying to negotiate the Handshake protocol
against www.nldap.com using .NET 1.0 and the SSL/TLS library
sources from my local tree, with success. I will try to make the same
test using mono, and update the mono cvs sources as soon as possible.






--
Best regards

Carlos Guzmán Álvarez
Vigo-Spain

_______________________________________________
Mono-list maillist  -  Mono-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-list
