[Mono-list] HTTPS: 'Invalid certificate received from server.' and mozroots

Brent Hamilton devup at live.com
Fri Jan 21 13:37:43 EST 2011


Tymek,
I believe there may be an outstanding issue with trying to import certificates using mozroots at the MACHINE level.
In my experience, the following command worked when run as the USER that will run the application:
[PATH]/bin/mono [PATH]/mozroots.exe --import --sync
Regards,
DevUp!
Date: Thu, 20 Jan 2011 12:34:50 +0800
From: tym.majewski at nearmap.com
To: mono-list at lists.ximian.com
Subject: [Mono-list] HTTPS: 'Invalid certificate received from server.' and	mozroots

Hello gurus,

This is Mono 2.6.7 Ubuntu 

Problem:
    I 
cannot connect to https pages (using HttpWebRequest) from MONO ASP and I
 cannot (well, maybe I'm not doing it right) display installed x509 
certs.


Error message:
    Failed to submit to encrypted.google.com
 form System.Net.WebException: Error getting response stream (Write: The
 authentication or decryption has failed.): SendFailure ---> 
System.IO.IOException: The authentication or decryption has failed. 
---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a


Extra info:
1. I restarted mono several times. 
2. If I provide my own ServicePointManager.ServerCertificateValidationCallback validator and return true, the handshake goes through.
3. Connecting to example pages (paypal, google etc) from my Firefox doesn't show any issues.


4. Connecting to various pages with http:// (not s) works fine.
5. I imported the std root certs with mozroots:

          $sudo mozroots --import --machine --sync
          Mozilla Roots Importer - version 2.6.7.0


          Download and import trusted root certificates from Mozilla's LXR.
          Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.
          
          Downloading from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...


          Importing certificates into machine store...
          140 new root certificates were added to your trust store.
          Import process completed.

I can see the certs are there:
          $ls /usr/share/.mono/certs/Trust | wc -l


          140


I tried to look at the installed certs but I always get Count = 0:

            X509Store storeMachine = new X509Store(StoreLocation.LocalMachine);
//I also tried StoreLocation.CurrentUser also with no success. 
            storeMachine.Open(OpenFlags.ReadOnly);
//BTW. Is this necessary at all?
 
            X509Certificate2Collection storecollection2 = (X509Certificate2Collection)storeMachine.Certificates;

            Console.WriteLine("Number of X509 certs Machine: {0}", storecollection2.Count);

            foreach (X509Certificate2 x509 in storecollection2)

            {

                Console.WriteLine("certificate name: {0}", x509.Subject);

            }


Thanks in advance for any help
-- 
Tymek Majewski
Software Developer
NearMap.com



_______________________________________________
Mono-list maillist  -  Mono-list at lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-list 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ximian.com/pipermail/mono-list/attachments/20110121/3944023c/attachment.html 


More information about the Mono-list mailing list