[Mono-list] urgent: WS with client side certificate

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue Apr 18 11:55:34 EDT 2006


On Tue, 2006-04-18 at 17:28 +0200, Pere Rodríguez wrote:
> Hello Sebastien,
> 
> > The SSL/TLS code inside Mono.Security does support client-certificates.
> >
> > It's not easy or clean but it's possible to use reflection to add a
> > delegate to Mono.Security.SslClientStream.PrivateKeySelectionCallback.
> >
> > This would allow you to supply (manually) the private key (associated
> > with the certificate) when it is required by the stream to authenticate
> > the client connection to the server.
> 
> How can I do it?
> 
> I only have a proxy class, so how can I access the
> Mono.Security.SslClientStream.PrivateKeySelectionCallback object and
> add a delegate?

Well... I forgot about the (code) proxy part for ws clients, so this
gets even more awful (if possible).

Doing a "real" network proxy in your own application now seems an easier
solution.

Get your ws client proxy code to talk to a local (either embedded or
external) HTTP server that will forward everything (well both ways) to
the destination HTTPS server. This will give you full control to set up
the HTTPS connection (including setting up the client certificates).

> Thanks in advance,
> 
> pere
> 
> 
> 2006/4/18, Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> > Hello Pere,
> >
> > On Tue, 2006-04-18 at 10:17 +0200, Pere Rodríguez wrote:
> > > Hello,
> > >
> > > I need to connect to a WS that requires a certificate on the client side and I don't
> > > know how to do it.
> > >
> > > Does Mono support a certificate on the client side in a WS connection?
> >
> > The short answer is no.
> >
> > > I registered with certmgr server certificate and my certificate
> > > (client) and I add
> > >
> > > proxy.ClientCertificates.Add (X509Certificate.CreateFromCertFile ("..."));
> > >
> > > to my source, but it doesn't run. Server doesn't accept connection.
> > >
> > > I don't know how to inform about my private key or how to register my
> > > PKCS#12 in mono.
> >
> > You're on the right track and found the main problem. I.e. before fx 2.0
> > there's no API to match a certificate and a keypair. MS depends on
> > CryptoAPI to do this "magic" behind the scene.
> >
> > Fx 2.0 supports certificates "with" a private key (e.g. it keeps both of
> > them inside the same instance when a X.509 certificate is loaded from a
> > PKCS#12 file, or a certificate store).
> >
> > > Some idea please ...
> >
> > The SSL/TLS code inside Mono.Security does support client-certificates.
> >
> > It's not easy or clean but it's possible to use reflection to add a
> > delegate to Mono.Security.SslClientStream.PrivateKeySelectionCallback.
> >
> > This would allow you to supply (manually) the private key (associated
> > with the certificate) when it is required by the stream to authenticate
> > the client connection to the server.
> >
> > Other alternatives are:
> >
> > * wrap the HTTP code around a HTTPS connection made with
> > Mono.Security.dll (e.g. your own proxy);
> >
> > * contribute to the Mono .NET 2.0 profile (wait for it to be completed);
> >
> > --
> > Sebastien Pouliot  <sebastien at ximian.com>
> > Blog: http://pages.infinit.net/ctech/
> >
> >
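
The local relay described in the reply above, as an added example that is not part of the original thread and not Mono project code. It assumes a runtime that provides X509Certificate2 and HttpClient (later than the Mono of this thread); the upstream URL, the client.p12 file name and the P12_PASSWORD variable are placeholders.

```csharp
// Added example; upstream URL, file name and variable name are placeholders.
using System;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
class ClientCertRelay
{
    const string Upstream = "https://ws.example.invalid"; // placeholder HTTPS server
    const string Local = "http://localhost:8080/"; // loopback only: the relay acts as the client identity
    static async Task Main()
    {
        var handler = new HttpClientHandler(); // server certificate validation stays enabled
        // A PKCS#12 file carries the certificate together with its private key.
        handler.ClientCertificates.Add(new X509Certificate2("client.p12",
            Environment.GetEnvironmentVariable("P12_PASSWORD")));
        using var upstream = new HttpClient(handler);
        var listener = new HttpListener();
        listener.Prefixes.Add(Local);
        listener.Start();
        while (true)
        {
            var ctx = await listener.GetContextAsync();
            try { await Relay(ctx, upstream); }
            catch (HttpRequestException) { ctx.Response.StatusCode = 502; }
            finally { ctx.Response.Close(); }
        }
    }
    static async Task Relay(HttpListenerContext ctx, HttpClient upstream)
    {
        var req = new HttpRequestMessage(
            new HttpMethod(ctx.Request.HttpMethod), Upstream + ctx.Request.RawUrl);
        if (ctx.Request.HasEntityBody)
        {
            var body = new MemoryStream();
            await ctx.Request.InputStream.CopyToAsync(body);
            req.Content = new ByteArrayContent(body.ToArray());
            if (ctx.Request.ContentType != null)
                req.Content.Headers.TryAddWithoutValidation("Content-Type", ctx.Request.ContentType);
        }
        // SOAP 1.1 clients name the operation in this request header.
        var action = ctx.Request.Headers["SOAPAction"];
        if (action != null) req.Headers.TryAddWithoutValidation("SOAPAction", action);
        using var resp = await upstream.SendAsync(req);
        ctx.Response.StatusCode = (int)resp.StatusCode;
        ctx.Response.ContentType = resp.Content.Headers.ContentType?.ToString();
        await resp.Content.CopyToAsync(ctx.Response.OutputStream);
    }
}
```

The web service proxy class then gets its Url set to the local listener address instead of the HTTPS endpoint. The hop between the proxy class and the relay is plain HTTP, so the listener stays bound to loopback.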


