[Mono-list] TLS and permissions?

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed Sep 1 21:02:26 EDT 2010


Hello Mark,

On Wed, 2010-09-01 at 10:44 -0500, Mark Farver wrote:
> So I have an application that works correctly when run by root, but
> fails when run by a normal user:

That's because there are multiple certificate stores, one for each user
and one for the machine itself (see "man certmgr"). This means that
installing certificates as the current user won't help your server
application.

You can either
a) install them (as root) in the machine store (readable by everyone);
b) install them under the user that is running your web server.

Sebastien

> System.Net.WebException: Error getting response stream (Write: The
> authentication or decryption has failed.): SendFailure --->
> System.IO.IOException: The authentication or decryption has failed.
> ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate
> received from server. Error code: 0xffffffff800b010a
>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
> (Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
> in <filename unknown>:0
>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
> () [0x00000] in <filename unknown>:0
>   at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process ()
> [0x00000] in <filename unknown>:0
>   at (wrapper remoting-invoke-with-check)
> Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
>   at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
> (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename
> unknown>:0
>   at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
> (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
>   --- End of inner exception stack trace ---
>   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
> (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
>   --- End of inner exception stack trace ---
>   at System.Net.HttpWebRequest.EndGetRequestStream (IAsyncResult
> asyncResult) [0x00000] in <filename unknown>:0
>   at System.Net.HttpWebRequest.GetRequestStream () [0x00000] in
> <filename unknown>:0
>   at Amazon.SimpleDB.AmazonSimpleDBClient.Invoke[DomainMetadataResponse]
> (IDictionary`2 parameters) [0x00000] in <filename unknown>:0
> 
> I applied the patch listed here which is what made it work for root,
> (previously root got Error Code 0xffffffff80092012)
> https://bugzilla.novell.com/show_bug.cgi?id=634433
> 
> Any ideas why certificate checking would behave differently for
> root/normal user?
> 
> Thanks
> Mark Farver
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
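
Added example, not part of the original thread: a small shell check for the per-user versus machine store split described in the reply. It assumes Mono's default store locations (`~/.config/.mono/certs` for the user, `/usr/share/.mono/certs` for the machine); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which Mono "Trust" store holds root certificates
# for the account running this script.
# Assumed default locations (verify against "man certmgr" on your system):
#   user store:    $HOME/.config/.mono/certs
#   machine store: /usr/share/.mono/certs

# count_certs <store_root>: number of files in <store_root>/Trust
# that this account can see (0 if the directory is missing or unreadable).
count_certs() {
    dir="$1/Trust"
    [ -d "$dir" ] && [ -r "$dir" ] || { echo 0; return; }
    find "$dir" -type f | wc -l | tr -d ' '
}

# diagnose_trust <user_store_root> <machine_store_root>
# Prints one of:
#   machine    roots are in the machine store, visible to every account
#   user-only  roots exist only in this account's store; other accounts
#              (for example a web server user) will not see them
#   none       this account sees no trusted roots in either store
diagnose_trust() {
    user_n=$(count_certs "$1")
    machine_n=$(count_certs "$2")
    if [ "$machine_n" -gt 0 ]; then
        echo "machine"
    elif [ "$user_n" -gt 0 ]; then
        echo "user-only"
    else
        echo "none"
    fi
}

# Run once as root and once as the account that runs the application,
# then compare the two answers.
diagnose_trust "$HOME/.config/.mono/certs" "/usr/share/.mono/certs"

# Option (a) from the reply, run as root (-m selects the machine store):
#   certmgr -add -c -m Trust root-ca.cer    # root-ca.cer is a placeholder
# Option (b): run the same command without -m as the service account.
```

If root prints "user-only" and the normal user prints "none", the roots were imported into root's own store only, which matches the behaviour reported in the thread.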



