[Mono-list] https server
Pere Rodríguez
pere.rodriguez.rodriguez at gmail.com
Thu Apr 27 16:37:20 EDT 2006
Hello Sebastien,
2006/4/27, Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> Hello Pere,
>
> (you didn't c.c. the mailing-list ;-)
yes!
>
> Ok, so it's not related to PKCS12 either. We did a lot of SSL fixes in
> the 1.1.13.x branch and I'm not sure exactly when .6-3 was issued (wrt
> to the fixes).
>
> Please open a bugzilla issue on bugzilla.ximian.com (with complete
> step-by-step instruction on how to replicate your issue) and I'll have a
> look at it.
Ok, I do it (although provisionally or I have solved the problem).
>
> If this is already fixed in the branch then the fix may only requires
> you to update your Mono.Security.dll assembly (but not your whole
> setup).
Ok, I do it. I have replaced version 1.1.13 of Mono.Security.dll by
the 1.1.15 and everything works fine :)
At the moment I will continue thus and when version 1.1.15 is
available in Debian I will update my system.
Thank you very much.
>
> On Thu, 2006-04-27 at 15:33 +0200, Pere Rodríguez wrote:
> > Hello Sebastien,
> >
> > sorry, the correct command is:
> >
> > xsp --https --port 443 --p12file cert.p12 --pkpwd abc
> >
> > I forgot to type password. The PKCS#12 file has password.
> >
> > The -12243 error appears in firefox.
> >
> > I test on mono 1.1.13.4-1 and it run ok, and in mono 1.1.13.6-3 it
> > doesn't run. Perhaps I don't have installed some paquet ???
> >
> > If I sniff the network I see this ssl result:
> >
> > Client (firefox) Server (xsp)
> > ClientHello -->
> > <-- ServerHello
> > <-- Certificate (the certificate that send is ok)
> > <-- ServerKeyExchange !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> > <-- Alert:Warning:InternalError
> > Alert:Fatal:UnexpectedMessage -->
> >
> > If I program my https server, in firefox I obtain the same error, and
> > the ssl handshake is the same (..., certificate, serverkeyexchange,
> > ...). Now I obtain this mono error:
> >
> > System.IO.IOException: The authentication or decryption has failed.
> > ---> System.NotSupportedException: Operation is not supported.
> > in [0x00005] (at
> > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsServerKeyExchange.cs:51)
> > Mono.Security.Protocol.Tls.Handshake.Server.TlsServerKeyExchange:Update
> > ()
> > in [0x00019] (at
> > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:663)
> > Mono.Security.Protocol.Tls.RecordProtocol:InternalSendRecordCallback
> > (IAsyncResult ar)--- End of inner exception stack trace ---
> >
> > in [0x00054] (at
> > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:107)
> > Mono.Security.Protocol.Tls.SslStreamBase:AsyncHandshakeCallback
> > (IAsyncResult asyncResult)
> >
> > The same source works fine in mono 1.1.13.4-1, but in 1.1.13.6 appears
> > this error.
> >
> > Now I will install more mono packages (I think that I don't need them
> > ...) and, if the error persist, I will install mono 1.1.15 from bin
> > installer, but I don't like it, I prefer debian packages.
> >
> > Thanks in advance,
> >
> > pere
> >
> >
> > 2006/4/27, Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> > > Hello Pere,
> > >
> > > On Thu, 2006-04-27 at 08:49 +0200, Pere Rodríguez wrote:
> > > > Hello Sebastien,
> > > >
> > > > at the moment I don't use client certificate,
> > >
> > > Ah, the article you referenced confused me.
> > >
> > > > I do:
> > > >
> > > > xsp --https --port 443 --p12file cert.p12 --pkpwd
> > > >
> > > > and it doesn't run ok, with firefox appears -12243 error.
> > >
> > > Where ? on XSP console or in FireFox ?
> > >
> > > > I test that with mono 1.1.13.4-1 it runs but with 1.1.13.6-3 it
> > > > doesn't run. Xsp always is 1.1.13-1 version. I work with debian sid.
> > > >
> > > > Some idea?
> > >
> > > I recall a change was done to handle PKCS#12 empty password (but I'm
> > > unsure when). Try generating a PKCS#12 file with a password.
> > >
> > > > Thanks in advance,
> > >
> > > No problem, but please continue to c.c. the mailing-list so all problems
> > > (and solutions) can be indexed.
> > >
> > > > pere
> > > >
> > > >
> > > > 2006/4/24, Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> > > > > Hello Pere,
> > > > >
> > > > > I can do almost any steps in the wiki without problem. However it seems
> > > > > that wget 1.10 changed it's SSL options and doesn't accept the
> > > > > certificate as it used to (in version 1.9.1).
> > > > >
> > > > > Now, even then I do not get the same error as you are describing. This
> > > > > may be due to how you created the certificates (and/or executed XSP).
> > > > >
> > > > > Also note that executing "wget https://estudion/cctest.aspx" doesn't
> > > > > send any client certificate, so an error is normal if XSP is running
> > > > > with the --https-client-require parameter.
> > > > >
> > > > > On Mon, 2006-04-24 at 09:45 +0200, Pere Rodríguez wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I'm testing http://www.mono-project.com/UsingClientCertificatesWithXSP
> > > > > > example and when I execute wget https://localhost/cctest.aspx I obtain
> > > > > > this error:
> > > > > >
> > > > > > prr at estudion:~/pki$ wget https://estudion/cctest.aspx
> > > > > > --09:38:30-- https://estudion/cctest.aspx
> > > > > > => `cctest.aspx'
> > > > > > S'està resolguent estudion... 127.0.0.1
> > > > > > Connecting to estudion|127.0.0.1|:443... connexió establerta.
> > > > > > OpenSSL: error:1408D078:SSL routines:SSL3_GET_KEY_EXCHANGE:bad rsa e length
> > > > > > No s'ha pogut establir la connexió SSL.
> > > > > >
> > > > > > I created PKCS#12 with openssl and with makecert and the error always
> > > > > > is the same.
> > > > > >
> > > > > > I also test http://pages.infinit.net/ctech/200411.html example and the
> > > > > > error with wget is the same. With this example the mono error is:
> > > > > >
> > > > > > System.IO.IOException: The authentication or decryption has failed.
> > > > > > ---> System.NotSupportedException: Operation is not supported.
> > > > > > in [0x00005] (at
> > > > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsServerKeyExchange.cs:51)
> > > > > > Mono.Security.Protocol.Tls.Handshake.Server.TlsServerKeyExchange:Update
> > > > > > ()
> > > > > > in [0x00019] (at
> > > > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:663)
> > > > > > Mono.Security.Protocol.Tls.RecordProtocol:InternalSendRecordCallback
> > > > > > (IAsyncResult ar)--- End of inner exception stack trace ---
> > > > > >
> > > > > > in [0x00054] (at
> > > > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:107)
> > > > > > Mono.Security.Protocol.Tls.SslStreamBase:AsyncHandshakeCallback
> > > > > > (IAsyncResult asyncResult)
> > > > > >
> > > > > > Thanks in advance,
> > > > > >
> > > > > > pere
> > > > > > _______________________________________________
> > > > > > Mono-list maillist - Mono-list at lists.ximian.com
> > > > > > http://lists.ximian.com/mailman/listinfo/mono-list
> > > > > --
> > > > > Sebastien Pouliot <sebastien at ximian.com>
> > > > > Blog: http://pages.infinit.net/ctech/
> > > > >
> > > > >
> > > --
> > > Sebastien Pouliot <sebastien at ximian.com>
> > > Blog: http://pages.infinit.net/ctech/
> > >
> > >
> --
> Sebastien Pouliot <sebastien at ximian.com>
> Blog: http://pages.infinit.net/ctech/
>
>
More information about the Mono-list
mailing list