[Mono-list] SSL/TLS client to an Erlang server

Essien Essien essiene at gmail.com
Sun Apr 26 03:50:21 EDT 2009


Hi,

I used to do C# development up till about 3 years ago, but I've not
had to do any C# until recently, so I'm not sure if that makes me a
Mono newbie or not :)

I have an Erlang server to which I want to connect a C# client over
SSL/TLS, and so far, I've been able to figure out the code side of
things from the docs.

I'm testing with self-signed certificates, created with openssl, and
I've been able to figure out how to convert PEM certs to DER format
which .NET/Mono seems to require.

I've also been able to figure out that I need to use the certmgr
command line tool to manage certs in the mono cert stores.

My problem right now is that so far, my self-signed certs created with
openssl then converted and imported into mono certificate stores
"Trust" and "CA" do not work against my erlang server.

My commands which I use are below:

To create the cert:

$ openssl genrsa -out key.pem 1024
$ openssl req -new -x509 -key key.pem -sha1 -nodes -out cert.pem

To convert to DER cert for use in Mono

$ openssl x509 -in cert.pem -outform DER -out cert.cer

To import into mono's "Trust" store

$ certmgr -add -c Trust cert.cer

I've attached my C# code here. I compile it with:

$ gmcs jsonevents_ssl.cs

And when I run with:

$ mono jsonevents_ssl.exe

I get the following:

[essiene at audrey ~]$ mono ssltest.exe
Starting
Client connected.
Ceritificate error: RemoteCertificateChainErrors

Unhandled Exception: System.IO.IOException: The authentication or
decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException:
Invalid certificate received from server.
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
(Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
() [0x00000]
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsSsl3
() [0x00000]
  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000]
  at (wrapper remoting-invoke-with-check)
Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
  at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
(Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000]
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
(IAsyncResult asyncResult) [0x00000]
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
(IAsyncResult asyncResult) [0x00000]
[essiene at audrey ~]$



Anyone have any ideas what I could be doing wrong... after much googling, I'm
not sure what is wrong.


Also, in case anyone wants to try to run it, I have attached the Erlang
Server Test as an Escript.
If you have Erlang installed, it will run without being compiled. Just
make it executable and run. Also, remember to change Lines 14, 15 and
16 to point to the proper paths where you have stored the PEM cert and
keyfile created above.


cheers,
Essien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jsonevents_ssl.cs
Type: application/octet-stream
Size: 3150 bytes
Desc: not available
Url : http://lists.ximian.com/pipermail/mono-list/attachments/20090426/d50e0b0d/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sslserver.erl
Type: application/octet-stream
Size: 1112 bytes
Desc: not available
Url : http://lists.ximian.com/pipermail/mono-list/attachments/20090426/d50e0b0d/attachment-0001.obj 
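
An added example, not the poster's attached jsonevents_ssl.cs: a client whose validation callback prints each chain status behind RemoteCertificateChainErrors and accepts the server only when it presents the exact cert.cer created above. The class name, default host and default port are assumptions.

```csharp
// Added example; host, port and class name are assumptions, not from the post.
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

class PinnedTlsClient
{
    // DER file produced by "openssl x509 -outform DER" in the post.
    static readonly X509Certificate2 Pinned = new X509Certificate2("cert.cer");

    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        // Show why the chain failed instead of only the summary flag.
        Console.WriteLine("Certificate error: {0}", errors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain status: {0} ({1})",
                                  s.Status, s.StatusInformation);

        // Tolerate chain errors only (not a name mismatch or a missing
        // certificate), and only for the one certificate we expect.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;
        return new X509Certificate2(cert).Thumbprint == Pinned.Thumbprint;
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "localhost";  // assumed
        int port = args.Length > 1 ? int.Parse(args[1]) : 8443; // assumed

        using (TcpClient tcp = new TcpClient(host, port))
        using (SslStream ssl = new SslStream(tcp.GetStream(), false, Validate))
        {
            // The name passed here is checked against the certificate's
            // subject; a mismatch adds RemoteCertificateNameMismatch.
            ssl.AuthenticateAsClient(host);
            Console.WriteLine("Handshake OK, cipher: {0}", ssl.CipherAlgorithm);
        }
    }
}
```

Returning false from the callback makes the handshake fail, so any certificate other than the pinned one is still rejected.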

