[Mono-list] WS over HTTPS

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed Nov 23 08:05:05 EST 2005 

Hello Pere,

On Wed, 2005-11-23 at 13:29 +0100, Pere Rodríguez wrote:
> Hello,
> 
> I can't connect to a WS that runs over HTTPS.
> With mozilla navigator I can connect to the WS, 

does the browser show any warning when you connect to the site ?

> so I run mozroots to
> install al certificates that use mozilla in my mono machine, but I
> still can't connect to the WS.
> 
> This is the error of the proxy class:
> 
> Error writing request.
> in <0x00237> System.Net.WebConnectionStream:WriteRequest ()
> in <0x0013b> System.Net.WebConnectionStream:Close ()
> in <0x00030> System.IO.StreamWriter:Dispose (Boolean disposing)
> in <0x00014> System.IO.StreamWriter:Close ()
> in <0x0001e> System.Xml.XmlTextWriter:Close ()
> in <0x000b7> System.Web.Services.Protocols.SoapHttpClientProtocol:SendRequest
> (System.IO.Stream s, System.Web.Services.Protocols.SoapClientMessage
> message, System.Web.Services.Protocols.SoapExtension[] extensions)
> in <0x0013e> System.Web.Services.Protocols.SoapHttpClientProtocol:Invoke
> (System.String method_name, System.Object[] parameters)
> 
> 
> If I execute tlstest I obtain this error:
> 
> Error #-2146762490: CERT_E_PURPOSE 0x800B0106

This means the certificate isn't a proper certificate for a SSL server.

> With a sniffer I see from the client to the server this:
> 
> Secure Socket Layer
>    TLS Record Layer: Alert (Level: Warning, Description: Bad Certificate)
>        Content Type: Alert (21)
>        Version: TLS 1.0 (0x0301)
>        Length: 2
>        Alert Message
>            Level: Warning (1)
>            Description: Bad Certificate (42)
> 
> It seems that I don't have installed the certificate, 

How do you get to this (false) conclusion ?

Bad != missing. If you were missing a certificate you'll have either a
"chaining error" or a "trust failure".

> but I previously
> run mozroots and from mozilla navigator I can access to the WS.

And it seems that this worked.

> I run mono over Debian Sarge.
> 
> What can I do?

Open a bug report on bugzilla.ximian.com. Include the https url where I
can download to server certificate or, if this isn't a public server,
attach the certificate to the bug report.
-- 
Sebastien Pouliot
email: sebastien at ximian.com
blog: http://pages.infinit.net/ctech/

More information about the Mono-list mailing list