[Mono-list] urgent: WS with client side certificate

Pere Rodríguez pere.rodriguez.rodriguez at gmail.com
Tue Apr 18 11:28:10 EDT 2006


Hello Sebastien,

> The SSL/TLS code inside Mono.Security does support client-certificates.
>
> It's not easy or clean but it's possible to use reflection to add a
> delegate to Mono.Security.SslClientStream.PrivateKeySelectionCallback.
>
> This would allow you to supply (manually) the private key (associated
> with the certificate) when it is required by the stream to authenticate
> the client connection to the server.

How can I do it?

I only have a proxy class, so how can I access the
Mono.Security.SslClientStream.PrivateKeySelectionCallback object and
add a delegate?

Thanks in advance,

pere


2006/4/18, Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> Hello Pere,
>
> On Tue, 2006-04-18 at 10:17 +0200, Pere Rodríguez wrote:
> > Hello,
> >
> > I need to connect to a WS that requires a certificate on the client side and I don't
> > know how to do it.
> >
> > Does Mono support a certificate on the client side in a WS connection?
>
> The short answer is no.
>
> > I registered the server certificate and my certificate (client) with
> > certmgr and I added
> >
> > proxy.ClientCertificates.Add (X509Certificate.CreateFromCertFile ("..."));
> >
> > to my source, but it doesn't run. The server doesn't accept the connection.
> >
> > I don't know how to inform about my private key or how to register my
> > PKCS#12 in mono.
>
> You're on the right track and found the main problem. I.e. before fx 2.0
> there's no API to match a certificate and a keypair. MS depends on
> CryptoAPI to do this "magic" behind the scene.
>
> Fx 2.0 supports certificates "with" a private key (e.g. it keeps both of
> them inside the same instance when a X.509 certificate is loaded from a
> PKCS#12 file, or a certificate store).
>
> > Some idea please ...
>
> The SSL/TLS code inside Mono.Security does support client-certificates.
>
> It's not easy or clean but it's possible to use reflection to add a
> delegate to Mono.Security.SslClientStream.PrivateKeySelectionCallback.
>
> This would allow you to supply (manually) the private key (associated
> with the certificate) when it is required by the stream to authenticate
> the client connection to the server.
>
> Other alternatives are:
>
> * wrap the HTTP code around a HTTPS connection made with
> Mono.Security.dll (e.g. your own proxy);
>
> * contribute to the Mono .NET 2.0 profile (wait for it to be completed);
>
> --
> Sebastien Pouliot  <sebastien at ximian.com>
> Blog: http://pages.infinit.net/ctech/
>
>
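
The first alternative listed in the quoted reply (an HTTPS connection made directly with Mono.Security.dll), sketched as an added example that is not part of this thread or of Mono's own code. It assumes the `Mono.Security.Protocol.Tls` and `Mono.Security.X509` APIs and a PKCS#12 file holding a single certificate/key pair; the host, file name and password are placeholders.

```csharp
// Added example: client-certificate TLS with Mono.Security.dll.
// Host, port, file name and password are constructed placeholders.
using System;
using System.IO;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Text;
using Mono.Security.Protocol.Tls;
using MonoX509 = Mono.Security.X509;
using SysX509 = System.Security.Cryptography.X509Certificates;

class ClientCertDemo {
    static void Main () {
        const string host = "ws.example.test";
        // A PKCS#12 file carries the certificate and its key pair together.
        MonoX509.PKCS12 p12 = MonoX509.PKCS12.LoadFromFile ("client.p12", "placeholder-password");
        if (p12.Certificates.Count == 0 || p12.Keys.Count == 0)
            throw new InvalidOperationException ("PKCS#12 file lacks a certificate or a key");
        // Assumption: exactly one pair in the file, so index 0 matches index 0.
        SysX509.X509Certificate clientCert =
            new SysX509.X509Certificate (p12.Certificates [0].RawData);
        AsymmetricAlgorithm clientKey = (AsymmetricAlgorithm) p12.Keys [0];
        SysX509.X509CertificateCollection certs = new SysX509.X509CertificateCollection ();
        certs.Add (clientCert);

        using (TcpClient tcp = new TcpClient (host, 443))
        using (SslClientStream ssl = new SslClientStream (tcp.GetStream (), host,
                   false, SecurityProtocolType.Default, certs)) {
            // Which certificate to present when the server asks for one.
            ssl.ClientCertSelectionDelegate = delegate (
                SysX509.X509CertificateCollection offered, SysX509.X509Certificate serverCert,
                string targetHost, SysX509.X509CertificateCollection requested) {
                return clientCert;
            };
            // Supply the private key manually, and only for our own certificate.
            ssl.PrivateKeyCertSelectionDelegate = delegate (
                SysX509.X509Certificate cert, string targetHost) {
                bool ours = cert != null
                    && cert.GetCertHashString () == clientCert.GetCertHashString ();
                return ours ? clientKey : null;
            };
            // Server certificate validation is left at the stream's default.
            byte[] req = Encoding.ASCII.GetBytes (
                "GET / HTTP/1.0\r\nHost: " + host + "\r\n\r\n");
            ssl.Write (req, 0, req.Length);   // the handshake runs on first I/O
            ssl.Flush ();
            Console.WriteLine (new StreamReader (ssl).ReadLine ());   // HTTP status line
        }
    }
}
```

Build against the assembly with a reference to `Mono.Security.dll`. Keep the PKCS#12 password out of source in real use.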

