[Mono-list] WS over HTTPS

Pere Rodríguez pere.rodriguez.rodriguez at gmail.com
Wed Nov 23 10:03:21 EST 2005 

Hello Sebastien,

2005/11/23, Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> Hello Pere,
>
> On Wed, 2005-11-23 at 13:29 +0100, Pere Rodríguez wrote:
> > Hello,
> >
> > I can't connect to a WS that runs over HTTPS.
> > With mozilla navigator I can connect to the WS,
>
> does the browser show any warning when you connect to the site ?

With mozilla -> Ok, mozilla don't show any warning.

With Lynx -> 1 warning:

SSL error:Can't find common name in certificate-Continue? (y)

Is the problem in the CN field?


>
> > so I run mozroots to
> > install al certificates that use mozilla in my mono machine, but I
> > still can't connect to the WS.
> >
> > This is the error of the proxy class:
> >
> > Error writing request.
> > in <0x00237> System.Net.WebConnectionStream:WriteRequest ()
> > in <0x0013b> System.Net.WebConnectionStream:Close ()
> > in <0x00030> System.IO.StreamWriter:Dispose (Boolean disposing)
> > in <0x00014> System.IO.StreamWriter:Close ()
> > in <0x0001e> System.Xml.XmlTextWriter:Close ()
> > in <0x000b7> System.Web.Services.Protocols.SoapHttpClientProtocol:SendRequest
> > (System.IO.Stream s, System.Web.Services.Protocols.SoapClientMessage
> > message, System.Web.Services.Protocols.SoapExtension[] extensions)
> > in <0x0013e> System.Web.Services.Protocols.SoapHttpClientProtocol:Invoke
> > (System.String method_name, System.Object[] parameters)
> >
> >
> > If I execute tlstest I obtain this error:
> >
> > Error #-2146762490: CERT_E_PURPOSE 0x800B0106
>
> This means the certificate isn't a proper certificate for a SSL server.
>
> > With a sniffer I see from the client to the server this:
> >
> > Secure Socket Layer
> >    TLS Record Layer: Alert (Level: Warning, Description: Bad Certificate)
> >        Content Type: Alert (21)
> >        Version: TLS 1.0 (0x0301)
> >        Length: 2
> >        Alert Message
> >            Level: Warning (1)
> >            Description: Bad Certificate (42)
> >
> > It seems that I don't have installed the certificate,
>
> How do you get to this (false) conclusion ?
>
> Bad != missing. If you were missing a certificate you'll have either a
> "chaining error" or a "trust failure".

Ok. If I remove certificates then I see:

Secure Socket Layer
    TLS Record Layer: Alert (Level: Warning, Description: Unknown CA)
        Content Type: Alert (21)
        Version: TLS 1.0 (0x0301)
        Length: 2
        Alert Message
            Level: Warning (1)
            Description: Unknown CA (48)



> > but I previously
> > run mozroots and from mozilla navigator I can access to the WS.
>
> And it seems that this worked.

Yes

>
> > I run mono over Debian Sarge.
> >
> > What can I do?
>
> Open a bug report on bugzilla.ximian.com. Include the https url where I
> can download to server certificate or, if this isn't a public server,
> attach the certificate to the bug report.

Ok, I do it.

> --
> Sebastien Pouliot
> email: sebastien at ximian.com
> blog: http://pages.infinit.net/ctech/
>
>

More information about the Mono-list mailing list