[Mono-list] TLS and permissions?

Mark Farver mfarver at mindbent.org
Wed Sep 1 11:44:06 EDT 2010


So I have an application that works correctly when run by root, but
fails when run by a normal user:

System.Net.WebException: Error getting response stream (Write: The
authentication or decryption has failed.): SendFailure --->
System.IO.IOException: The authentication or decryption has failed.
---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate
received from server. Error code: 0xffffffff800b010a
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
(Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
in <filename unknown>:0
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
() [0x00000] in <filename unknown>:0
  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process ()
[0x00000] in <filename unknown>:0
  at (wrapper remoting-invoke-with-check)
Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
  at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
(Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename
unknown>:0
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetRequestStream (IAsyncResult
asyncResult) [0x00000] in <filename unknown>:0
  at System.Net.HttpWebRequest.GetRequestStream () [0x00000] in
<filename unknown>:0
  at Amazon.SimpleDB.AmazonSimpleDBClient.Invoke[DomainMetadataResponse]
(IDictionary`2 parameters) [0x00000] in <filename unknown>:0

I applied the patch listed here which is what made it work for root,
(previously root got Error Code 0xffffffff80092012)
https://bugzilla.novell.com/show_bug.cgi?id=634433

Any ideas why certificate checking would behave differently for
root/normal user?

Thanks
Mark Farver


More information about the Mono-list mailing list