[Mono-list] Ssl cert validation
Edward Ned Harvey (mono)
edward.harvey.mono at clevertrove.com
Mon Mar 17 20:39:13 UTC 2014
This is frustrating me to no end. Can anybody shed any light?
I have a server and client application, using signed trusted cert, and it all works fine on windows. I understand (but I'm surprised) that mono trusts no root CA's, so you have to "mozroots --import --sync" if you want to change that. And I confirm after doing that, I have a bunch of stuff under ~/.config/.mono/certs/Trust/ ... But still, the client is rejecting the server cert.
To eliminate possibility of errors with my cert, or server behavior etc, I have done this: A really simple program to connect to a https website and see if SSL is working..
This still has SslPolicyErrors RemoteCertificateNotAvailable
using System;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
namespace FunWithSsl
{
class MainClass
{
public static void Main (string[] args)
{
string targetHost = "verisign.com";
IPAddress[] addresses = Dns.GetHostAddresses (targetHost);
var client = new TcpClient ();
client.Connect (addresses [0],443);
var mySslStream = new SslStream (client.GetStream(), false, ValidateServerCertificate);
mySslStream.AuthenticateAsClient (targetHost, null, SslProtocols.Tls, false);
System.Console.WriteLine ("Finished");
}
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
}
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-list/attachments/20140317/b00729ec/attachment.html>
More information about the Mono-list
mailing list