[Mono-list] SslStream + mono == error
Aldo Prinzi
aldo.prinzi at gmail.com
Mon Sep 13 14:04:49 EDT 2010
Are you using a "valid" certificate?
Valid means: a "real certificate", the one that came from a
certification authority.
Not valid means: a certificate issued by yourself.
In that case you must build an "accept all certificates routine", one
that can trust valid (from certification authorities) and invalid (your
own issued) certificates.
Take a look at
http://blog.jameshiggs.com/2008/05/01/c-how-to-accept-an-invalid-ssl-certificate-programmatically/
or google for a solution
http://www.google.it/search?hl=&q=%2Baccept+%2Buntrusted+%2Bcertificates+%2B"c%23"
Hi,
Aldus.
On 13/09/2010 19:44, astromag wrote:
> Hi,
> I wrote a small application (test) of type client - server (Tcp/Ip, SSL).
> Unfortunately it does not work under Linux (server on Linux - client on M$
> Windows), in M$ Windows it works.
> It turned out that the server stops on the method AuthenticateAsServer of class
> SslStream.
>
> Server application:
> using System;
> using System.IO;
> using System.Net;
> using System.Net.Security;
> using System.Net.Sockets;
> using System.Security.Cryptography.X509Certificates;
>
> namespace ConsoleApplication1
> {
>     class Program
>     {
>         static void Main(string[] args)
>         {
>             try
>             {
>                 TcpListener listener = new TcpListener(IPAddress.Any, 7777);
>                 listener.Start();
>
>                 X509Certificate cert = new X509Certificate2("XServerCertificate.pfx", "0987654321");
>
>                 while (true)
>                 {
>                     TcpClient client = listener.AcceptTcpClient();
>                     SslStream sslStream = new SslStream(client.GetStream());
>
>                     // The application stops while executing this method
>                     sslStream.AuthenticateAsServer(cert, false,
>                         System.Security.Authentication.SslProtocols.Tls, false);
>                     BinaryWriter writer = new BinaryWriter(sslStream, System.Text.Encoding.UTF8);
>                     string s = "Witam :)";
>                     writer.Write(s);
>                     writer.Flush();
>                     sslStream.Flush();
>                     System.Threading.Thread.Sleep(500);
>                     writer.Close();
>                 }
>             }
>             catch (Exception e)
>             {
>                 Console.WriteLine(e.Message);
>             }
>         }
>     }
> }
>
> Client Application:
> using System;
> using System.Net;
> using System.Net.Security;
> using System.Net.Sockets;
> using System.Security.Cryptography.X509Certificates;
>
> namespace SslClient
> {
>     class Program
>     {
>         static void Main(string[] args)
>         {
>             TcpClient client = new TcpClient();
>             client.Connect(IPAddress.Parse("127.0.0.1"), 7777);
>             SslStream sslStream = new SslStream(client.GetStream(), false,
>                 new RemoteCertificateValidationCallback(Program.CWC));
>             X509Certificate cert1 = new X509Certificate2("MyCa.cer");
>             X509Certificate cert2 = new X509Certificate2("XServerCertificate.cer");
>             X509Certificate[] certs = new X509Certificate[2];
>             certs[0] = cert1;
>             certs[1] = cert2;
>             X509CertificateCollection cc = new X509CertificateCollection(certs);
>
>             sslStream.AuthenticateAsClient("XServerCertificate", cc,
>                 System.Security.Authentication.SslProtocols.Ssl3, false);
>
>             System.IO.BinaryReader reader = new System.IO.BinaryReader(sslStream,
>                 System.Text.Encoding.UTF8);
>
>             Console.WriteLine(reader.ReadString());
>             reader.Close();
>
>             Console.WriteLine("Koniec");
>             Console.ReadKey(false);
>         }
>
>         static bool CWC(object sender, X509Certificate cert, X509Chain chain,
>             SslPolicyErrors errors)
>         {
>             if (errors == SslPolicyErrors.None)
>             {
>                 return true;
>             }
>             else
>             {
>                 return false;
>             }
>         }
>     }
> }
>
> I assume that the problem lies in the interpretation of certificates under Linux
> (I have no problems with the same certificates under M$ Windows).
>
> So far Google has not brought an answer.
>
> The client's code, started in Mono 2.6.7, threw an error.
> Unhandled Exception: System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server.
>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000] in <filename unknown>:0
>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000] in <filename unknown>:0
>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsSsl3 () [0x00000] in <filename unknown>:0
>   at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] in <filename unknown>:0
>   at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
>   at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename unknown>:0
>   at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
>   --- End of inner exception stack trace ---
>   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
>
> I ask for help.
--
------------------------------------------------------------------
"If you are thinking one year ahead, sow seed.
If you are thinking ten years ahead, plant a tree.
If you are thinking one hundred years ahead, educate the people."
Kuan Tze, Chinese poet, 400 B.C.
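
For the self-issued certificates discussed in this thread, a validation callback can also trust one specific private CA instead of every certificate. The following is an added example, not code from the thread or from Mono; the file name MyCa.cer comes from the quoted client code, while the class name PinnedCaValidator and the decision to skip revocation checking are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PinnedCaValidator
{
    // MyCa.cer is the CA file named in the quoted client code; loading it
    // from the working directory is an assumption of this example.
    static readonly X509Certificate2 TrustedCa = new X509Certificate2("MyCa.cer");

    // Signature matches RemoteCertificateValidationCallback.
    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Chain and host name already verified against the system trust store.
        if (errors == SslPolicyErrors.None)
            return true;

        // Tolerate only an untrusted chain. A name mismatch or a missing
        // certificate is rejected even when the chain itself is fine.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || cert == null)
            return false;

        // Rebuild the chain with the private CA available as a candidate issuer.
        X509Chain privateChain = new X509Chain();
        privateChain.ChainPolicy.ExtraStore.Add(TrustedCa);
        // Assumption: the private CA publishes no CRL/OCSP endpoint.
        privateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        privateChain.ChainPolicy.VerificationFlags =
            X509VerificationFlags.AllowUnknownCertificateAuthority;
        if (!privateChain.Build(new X509Certificate2(cert)))
            return false; // any remaining chain error (e.g. expired) fails the build

        // AllowUnknownCertificateAuthority accepts any root, so the root
        // that was actually used must be compared with the pinned CA.
        int last = privateChain.ChainElements.Count - 1;
        X509Certificate2 root = privateChain.ChainElements[last].Certificate;
        return string.Equals(root.Thumbprint, TrustedCa.Thumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}

// Usage on the client side, in place of Program.CWC:
//   new SslStream(client.GetStream(), false,
//       new RemoteCertificateValidationCallback(PinnedCaValidator.Validate));
```

Because host name errors are still rejected, the name passed to AuthenticateAsClient has to match the subject of the server certificate.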