[Mono-list] SslStream

Jonathan Gagnon jonathan.gagnon at croesus.com
Wed Feb 14 11:17:08 EST 2007

It works well now.  Thanks a lot for the detailed explanation.


-----Message d'origine-----
De : Sebastien Pouliot [mailto:sebastien.pouliot at gmail.com] 
Envoyé : Tuesday, February 13, 2007 6:57 PM
À : Jonathan Gagnon
Cc : mono-list at lists.ximian.com
Objet : Re: [Mono-list] SslStream

Bonjour Jonathan,

On Tue, 2007-02-13 at 17:51 -0500, Jonathan Gagnon wrote:
> I have a server application that uses the SslStream class and I would 
> like to make it work in mono.  It seems like the SslStream class is 
> not implemented yet but that I could use SslServerStream to make it 
> work.  Unfortunately, that doesn't seem to work in my case.  I always 
> get the following error :
> System.IO.IOException: The authentication or decryption has failed.
> ---> Mono.Security.Protocol.Tls.TlsException: Server certificate
> Private Key unavailable.
>   at
s1 () [0x00000]
>   at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () 
> [0x00000]
>   at (wrapper remoting-invoke-with-check) 
> Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
>   at
> Mono.Security.Protocol.Tls.ServerRecordProtocol.ProcessHandshakeMessage
(Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000]
>   at
> Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
(IAsyncResult asyncResult) [0x00000] --- End of inner exception stack trace
>   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
> (IAsyncResult asyncResult) [0x00000]
> Here's what my code looks like :
>     X509Certificate certificate = new X509Certificate("c:\ 
> \certificate.cer");
>     SslServerStream sslStream = new
> SslServerStream(tcpClient.GetStream(), certificate);
> Here is the code that works when I run the application with .NET, 
> using the SslStream class :
>     X509Certificate certificate = new X509Certificate("c:\ 
> \certificate.cer");
>     SslStream sslStream = new SslStream(tcpClient.GetStream());
>     sslStream.AuthenticateAsServer(certificate);
> The certificate file was created using the makecert tool that comes 
> with .NET.  It seems like mono is unable to retrieve the private key 
> from it.
> Any idea what the problem could be,

Yes. The .cer file contains only the certificate, not the private key.

Under Windows, CryptoAPI does some magic (well looks for the .cer into it's
certificate store and retrieve the associated private key) to make it work -
and it has it's own drawbacks.

We'll eventually support something similar now that we have support for our
own (certificate and key) stores. When ? probably when we have a working
SslStream implementation. In the mean time...

>  or what I could do to make it work with mono?

Yes, using SslServerStream you can set a delegate to retrieve the private
key (e.g. MS makecert generates it into a PVK file). Have a look at XSP
source code for a sample.

> Thanks,
> Jonathan
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com 
> http://lists.ximian.com/mailman/listinfo/mono-list

More information about the Mono-list mailing list