[Mono-list] https server

Sebastien Pouliot sebastien.pouliot at gmail.com
Thu Apr 27 09:46:07 EDT 2006


Hello Pere,

(you didn't c.c. the mailing-list ;-)

Ok, so it's not related to PKCS12 either. We did a lot of SSL fixes in
the 1.1.13.x branch and I'm not sure exactly when .6-3 was issued (wrt
to the fixes).

Please open a bugzilla issue on bugzilla.ximian.com (with complete
step-by-step instructions on how to replicate your issue) and I'll have a
look at it.

If this is already fixed in the branch then the fix may only require
you to update your Mono.Security.dll assembly (but not your whole
setup).

On Thu, 2006-04-27 at 15:33 +0200, Pere Rodríguez wrote:
> Hello Sebastien,
> 
> sorry, the correct command is:
> 
> xsp --https --port 443 --p12file cert.p12 --pkpwd abc
> 
> I forgot to type password. The PKCS#12 file has password.
> 
> The -12243 error appears in firefox.
> 
> I test on mono 1.1.13.4-1 and it runs ok, and in mono 1.1.13.6-3 it
> doesn't run. Perhaps I don't have some package installed ???
> 
> If I sniff the network I see this ssl result:
> 
> Client (firefox)   Server (xsp)
> ClientHello -->
> <-- ServerHello
> <-- Certificate    (the certificate that send is ok)
> <-- ServerKeyExchange  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> <-- Alert:Warning:InternalError
> Alert:Fatal:UnexpectedMessage -->
> 
> If I program my https server, in firefox I obtain the same error, and
> the ssl handshake is the same (..., certificate, serverkeyexchange,
> ...). Now I obtain this mono error:
> 
> System.IO.IOException: The authentication or decryption has failed.
> ---> System.NotSupportedException: Operation is not supported.
> in [0x00005] (at
> /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsServerKeyExchange.cs:51)
> Mono.Security.Protocol.Tls.Handshake.Server.TlsServerKeyExchange:Update
> ()
> in [0x00019] (at
> /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:663)
> Mono.Security.Protocol.Tls.RecordProtocol:InternalSendRecordCallback
> (IAsyncResult ar)--- End of inner exception stack trace ---
> 
> in [0x00054] (at
> /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:107)
> Mono.Security.Protocol.Tls.SslStreamBase:AsyncHandshakeCallback
> (IAsyncResult asyncResult)
> 
> The same source works fine in mono 1.1.13.4-1, but in 1.1.13.6 appears
> this error.
> 
> Now I will install more mono packages (I think that I don't need them
> ...) and, if the error persists, I will install mono 1.1.15 from bin
> installer, but I don't like it, I prefer debian packages.
> 
> Thanks in advance,
> 
> pere
> 
> 
> 2006/4/27, Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> > Hello Pere,
> >
> > On Thu, 2006-04-27 at 08:49 +0200, Pere Rodríguez wrote:
> > > Hello Sebastien,
> > >
> > > at the moment I don't use client certificate,
> >
> > Ah, the article you referenced confused me.
> >
> > > I do:
> > >
> > > xsp --https --port 443 --p12file cert.p12 --pkpwd
> > >
> > > and it doesn't run ok, with firefox appears -12243 error.
> >
> > Where ? on XSP console or in FireFox ?
> >
> > > I test that with mono 1.1.13.4-1 it runs but with 1.1.13.6-3 it
> > > doesn't run. Xsp always is 1.1.13-1 version. I work with debian sid.
> > >
> > > Some idea?
> >
> > I recall a change was done to handle PKCS#12 empty password (but I'm
> > unsure when). Try generating a PKCS#12 file with a password.
> >
> > > Thanks in advance,
> >
> > No problem, but please continue to c.c. the mailing-list so all problems
> > (and solutions) can be indexed.
> >
> > > pere
> > >
> > >
> > > 2006/4/24, Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> > > > Hello Pere,
> > > >
> > > > I can do almost any steps in the wiki without problem. However it seems
> > > > that wget 1.10 changed its SSL options and doesn't accept the
> > > > certificate as it used to (in version 1.9.1).
> > > >
> > > > Now, even then I do not get the same error as you are describing. This
> > > > may be due to how you created the certificates (and/or executed XSP).
> > > >
> > > > Also note that executing "wget https://estudion/cctest.aspx" doesn't
> > > > send any client certificate, so an error is normal if XSP is running
> > > > with the --https-client-require parameter.
> > > >
> > > > On Mon, 2006-04-24 at 09:45 +0200, Pere Rodríguez wrote:
> > > > > Hello,
> > > > >
> > > > > I'm testing http://www.mono-project.com/UsingClientCertificatesWithXSP
> > > > > example and when I execute wget https://localhost/cctest.aspx I obtain
> > > > > this error:
> > > > >
> > > > > prr at estudion:~/pki$ wget https://estudion/cctest.aspx
> > > > > --09:38:30--  https://estudion/cctest.aspx
> > > > >            => `cctest.aspx'
> > > > > S'està resolguent estudion... 127.0.0.1
> > > > > Connecting to estudion|127.0.0.1|:443... connexió establerta.
> > > > > OpenSSL: error:1408D078:SSL routines:SSL3_GET_KEY_EXCHANGE:bad rsa e length
> > > > > No s'ha pogut establir la connexió SSL.
> > > > >
> > > > > I created PKCS#12 with openssl and with makecert and the error always
> > > > > is the same.
> > > > >
> > > > > I also test http://pages.infinit.net/ctech/200411.html example and the
> > > > > error with wget is the same. With this example the mono error is:
> > > > >
> > > > > System.IO.IOException: The authentication or decryption has failed.
> > > > > ---> System.NotSupportedException: Operation is not supported.
> > > > > in [0x00005] (at
> > > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsServerKeyExchange.cs:51)
> > > > > Mono.Security.Protocol.Tls.Handshake.Server.TlsServerKeyExchange:Update
> > > > > ()
> > > > > in [0x00019] (at
> > > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:663)
> > > > > Mono.Security.Protocol.Tls.RecordProtocol:InternalSendRecordCallback
> > > > > (IAsyncResult ar)--- End of inner exception stack trace ---
> > > > >
> > > > > in [0x00054] (at
> > > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:107)
> > > > > Mono.Security.Protocol.Tls.SslStreamBase:AsyncHandshakeCallback
> > > > > (IAsyncResult asyncResult)
> > > > >
> > > > > Thanks in advance,
> > > > >
> > > > > pere
> > > > > _______________________________________________
> > > > > Mono-list maillist  -  Mono-list at lists.ximian.com
> > > > > http://lists.ximian.com/mailman/listinfo/mono-list
> > > > --
> > > > Sebastien Pouliot  <sebastien at ximian.com>
> > > > Blog: http://pages.infinit.net/ctech/
> > > >
> > > >
> > --
> > Sebastien Pouliot  <sebastien at ximian.com>
> > Blog: http://pages.infinit.net/ctech/
> >
> >
-- 
Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/
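
Added example, not part of the original message or of Mono's code: a small decoder that turns the raw bytes of one direction of a captured SSL/TLS connection into the kind of handshake trace quoted above, which is useful when attaching a reproducible trace to a bug report. The byte streams, the helper names (decode_records, record, handshake) and the dummy message bodies are constructed for illustration.

```python
import struct

HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             12: "ServerKeyExchange", 14: "ServerHelloDone",
             16: "ClientKeyExchange", 20: "Finished"}
ALERT_LEVEL = {1: "Warning", 2: "Fatal"}
ALERT_DESC = {0: "CloseNotify", 10: "UnexpectedMessage",
              40: "HandshakeFailure", 80: "InternalError"}

def decode_records(stream):
    """Label every cleartext handshake message and alert in one direction's bytes."""
    out, pending, pos, encrypted = [], b"", 0, False
    while pos + 5 <= len(stream):
        # Record header: content type (1), protocol version (2), length (2)
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if len(payload) < length:
            out.append("TruncatedRecord")
            break
        if encrypted:                      # after ChangeCipherSpec nothing is readable
            out.append("EncryptedRecord")
        elif ctype == 20:
            out.append("ChangeCipherSpec")
            encrypted = True
        elif ctype == 21 and length == 2:  # alert: level byte, description byte
            out.append("Alert:%s:%s" % (ALERT_LEVEL.get(payload[0], payload[0]),
                                        ALERT_DESC.get(payload[1], payload[1])))
        elif ctype == 22:
            pending += payload             # a handshake message may span records
            while len(pending) >= 4:
                mlen = int.from_bytes(pending[1:4], "big")
                if len(pending) < 4 + mlen:
                    break                  # wait for the rest in the next record
                out.append(HANDSHAKE.get(pending[0], "Handshake(%d)" % pending[0]))
                pending = pending[4 + mlen:]
        else:
            out.append("Record(type=%d)" % ctype)
    return out

def record(ctype, payload):                # helper for the constructed sample data
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload

def handshake(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed streams (dummy bodies) shaped like the trace in the thread;
# the Certificate message is deliberately split across two records.
cert = handshake(11, b"\x00" * 300)
SERVER = (record(22, handshake(2, b"\x00" * 70) + cert[:100]) + record(22, cert[100:])
          + record(22, handshake(12, b"\x00" * 140)) + record(21, b"\x01\x50"))
CLIENT = record(22, handshake(1, b"\x00" * 60)) + record(21, b"\x02\x0a")

if __name__ == "__main__":
    print(decode_records(CLIENT), decode_records(SERVER))
```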
