[Mono-list] Preview 2.6.6

Mon Jul 12 15:46:04 EDT 2010

Done both of these steps.  I can send an email as myself via a console
app.  I've also completely blown away the shared cert store and
reimported, twice.

I'm not a Linux pro, far from it, can you suggest a way I could run a
console app as the apache user from the command line?  There's a way
to do this through sudo, right?

Thanks.

-Abe

On Mon, Jul 12, 2010 at 3:34 PM, Sebastien Pouliot
<sebastien.pouliot at gmail.com> wrote:
> Abe,
>
> If you can't test it with the apache user then write a non-ASP.NET app
> doing the same (emailing) and run it under your current user.
>
> Then use certmgr to delete all certificates (of the current user, not
> machine) and try again. At this step you'll be sure if (or not) the
> required certificates were found.
>
> Update the bug report with the above information.
>
> Thanks
> Sebastien
>
> On Mon, 2010-07-12 at 15:19 -0400, Abe Gillespie wrote:
>> Hi Sebastian,
>>
>> I ran mozroots as myself but with the -m switch to install into the
>> machine store.  Of course I did run it with "sudo" so it's technically
>> owned by root:root.  I don't believe it's a permissions problem
>> because a) this worked fine somewhere along the 2.4.x line, b) others
>> seem to be experiencing this as a recent regression as evidenced by
>> this http://bit.ly/bjxgHT, and c) I'm *pretty* sure the apache user
>> has the necessary rights to read the certs - ugo all have the "r" flag
>> set through the entire directory structure to the certs
>> (/usr/share/.mono/certs/*), unfortunately I couldn't verify for sure
>> because when I switch user from root to apache I get "This account is
>> currently not available.".
>>
>> -Abe
>>
>> On Mon, Jul 12, 2010 at 1:43 PM, Sebastien Pouliot
>> <sebastien.pouliot at gmail.com> wrote:
>> > On Sat, 2010-07-10 at 13:44 -0400, Abe Gillespie wrote:
>> >> sberryman, Jan,
>> >>
>> >> Thanks for the help, guys.  I did try this as I've used this
>> >> work-around before and I *thought* it wasn't working as well.  But I
>> >> just had another try and it worked fine.
>> >>
>> >> Now, is there a safe way to implement this work-around?
>> >
>> > Not really - otherwise there would be no gain (just pain) in verifying
>> > the certificate chain ;-)
>> >
>> >>  I'm not much
>> >> of a security wonk, so what can I check in the cert to accept only
>> >> Google's?  I see properties like Issuer, Thumbprint, and
>> >> GetRawCertData.
>> >
>> >> Can I use any of these to verify, or at least do
>> >> slightly more than "return true" for all certs?
>> >
>> > You can check the thumbprint (it's a hash) but that will stop working
>> > when Google updates its certificate or if it use more than one
>> > certificate (e.g. on different servers).
>> >
>> > Now (from the bug report) it looks like you have permission issues when
>> > executing code from apache (likely it can't read the certificates). See
>> > my comment there...
>> >
>> >> Thanks.
>> >> -Abe
>> >>
>> >> On Fri, Jul 9, 2010 at 10:06 PM, sberryman <shaun at golfsigma.com> wrote:
>> >> >
>> >> > You could always use the ServicePointManager to accept all SSL certs.
>> >> > Security risk but I've used it in the past when I've had problems with Mono
>> >> > and SSL certs.
>> >> >
>> >> > Simply add the following delegate before you send the email.
>> >> >
>> >> > ServicePointManager.ServerCertificateValidationCallback = delegate(object
>> >> > sender, System.Security.Cryptography.X509Certificates.X509Certificate
>> >> > certificate, System.Security.Cryptography.X509Certificates.X509Chain chain,
>> >> > System.Net.Security.SslPolicyErrors sslPolicyErrors)
>> >> > {
>> >> >     return true;
>> >> > };
>> >> >
>> >> > --
>> >> > View this message in context: http://mono.1490590.n4.nabble.com/Preview-2-6-6-tp2279971p2284277.html
>> >> > Sent from the Mono - General mailing list archive at Nabble.com.
>> >> > _______________________________________________
>> >> > Mono-list maillist  -  Mono-list at lists.ximian.com
>> >> > http://lists.ximian.com/mailman/listinfo/mono-list
>> >> >
>> >> _______________________________________________
>> >> Mono-list maillist  -  Mono-list at lists.ximian.com
>> >> http://lists.ximian.com/mailman/listinfo/mono-list
>> >
>> >
>> >
>
>
>