[Mono-list] HttpListener SSL client certificate

Chris Tacke ctacke at opennetcf.com
Fri Aug 8 16:15:22 UTC 2014

“Let a real web server be the web server” isn’t much of an answer.  It’s likely that the solution doesn’t allow the use of a “real” web server or he likely wouldn’t be asking the question. I have a similar scenario where I’m going to need to serve up over SSL and I can’t use one so I, too, am interested in how this will work out.  I’ve probably got a little time until I have to fully commit to a solution, but it sounds like several of us are trying to solve the same problem.


From: Edward Ned Harvey (mono)<mailto:edward.harvey.mono at clevertrove.com>
Sent: ‎Friday‎, ‎August‎ ‎8‎, ‎2014 ‎9‎:‎28‎ ‎AM
To: DrGusman<mailto:geniwab at gmail.com>, mono-list at lists.ximian.com<mailto:mono-list at lists.ximian.com>

> From: mono-list-bounces at lists.ximian.com [mailto:mono-list-
> bounces at lists.ximian.com] On Behalf Of DrGusman
> I will add the patches you said on the previous postto my mono branch and
> will give it a try, if found it's really unstable or troublesome then I will
> use one of my backup plans, add a nginx router which will do the ssl
> decryption or using also nginx connect through FastCGI.

Oh yeah.  I would expect, if you want to run C# on a web server, it's almost certainly best for you to do some of the ASP stuff, fastcgi, or similar.  In other words, let a real web server be the web server, because they're focused on making web servers stable, secure, and supportable.

> I hope with the Xamarin boom the mono project get more alive as novell left
> it semi abandoned when was sold, the las 3.7 mono version is really a giant
> leap and Miguel and it's team seem to be working really hard (I am also a
> Xamarin customer, got MT and MD).

Maybe.  But I'm doubtful.  It seems to me that Xamarin is focused only on mobile devices and basically nothing else.  (Even coverage for mono on OSX is very sparse.)

> I'm curious, what do you plan to do to stop using the SslSocket?

We need to make at least a small research project into that.  I'm guessing it will probably be Bouncy Castle.  Not 100% sure yet.  Perhaps openssl - but since they're really C++ with a crude managed wrapper around it, we might not use openssl for that reason.  Bouncy Castle is at least *meant* to be managed code, but I recently uncovered a kind of major flaw with their SecureRandom, which apparently gets used all over the place, so we'll see.  Like I said, haven't made up our minds yet.
Mono-list maillist  -  Mono-list at lists.ximian.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-list/attachments/20140808/b03c6a2f/attachment.html>

More information about the Mono-list mailing list