[Mono-list] HTTPS: 'Invalid certificate received from server.' and mozroots

Tym Majewski tym.majewski at nearmap.com
Wed Jan 19 23:34:50 EST 2011 

Hello gurus,

This is Mono 2.6.7 Ubuntu

Problem:
    I cannot connect to https pages (using HttpWebRequest) from MONO ASP and
I cannot (well, maybe I'm not doing it right) display installed x509 certs.

Error message:
    Failed to submit to encrypted.google.com form System.Net.WebException:
Error getting response stream (Write: The authentication or decryption has
failed.): SendFailure ---> System.IO.IOException: The authentication or
decryption has failed. ---> Mono.Security.Protocol.Tls.
TlsException: Invalid certificate received from server. Error code:
0xffffffff800b010a

Extra info:
1. I restarted mono several times.
2. If I provide my own
ServicePointManager.ServerCertificateValidationCallback validator and return
true, the handshake goes through.
3. Connecting to example pages (paypal, google etc) from my Firefox doesn't
show any issues.
4. Connecting to various pages with http:// (not s) works fine.
5. I imported the std root certs with mozroots:

          $sudo mozroots --import --machine --sync
          Mozilla Roots Importer - version 2.6.7.0
          Download and import trusted root certificates from Mozilla's LXR.
          Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008
Novell. BSD licensed.

          Downloading from '
http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'.<http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt%27.>
..
          Importing certificates into machine store...
          140 new root certificates were added to your trust store.
          Import process completed.

I can see the certs are there:
          $ls /usr/share/.mono/certs/Trust | wc -l
          140


I tried to look at the installed certs but I always get Count = 0:

            X509Store storeMachine = new
X509Store(StoreLocation.LocalMachine); //I also tried
StoreLocation.CurrentUser also with no success.
            storeMachine.Open(OpenFlags.ReadOnly); //BTW. Is this necessary
at all?

            X509Certificate2Collection storecollection2 =
(X509Certificate2Collection)storeMachine.Certificates;
            Console.WriteLine("Number of X509 certs Machine: {0}",
storecollection2.Count);
            foreach (X509Certificate2 x509 in storecollection2)
            {
                Console.WriteLine("certificate name: {0}", x509.Subject);
            }


Thanks in advance for any help


-- 
Tymek Majewski
Software Developer
NearMap.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ximian.com/pipermail/mono-list/attachments/20110120/d7cf9558/attachment-0001.html

More information about the Mono-list mailing list