[Mono-list] Ssl cert validation
Edward Ned Harvey (mono)
edward.harvey.mono at clevertrove.com
Mon Mar 17 20:39:13 UTC 2014
This is frustrating me to no end. Can anybody shed any light?
I have a server and client application, using signed trusted cert, and it all works fine on windows. I understand (but I'm surprised) that mono trusts no root CA's, so you have to "mozroots --import --sync" if you want to change that. And I confirm after doing that, I have a bunch of stuff under ~/.config/.mono/certs/Trust/ ... But still, the client is rejecting the server cert.
To eliminate possibility of errors with my cert, or server behavior etc, I have done this: A really simple program to connect to a https website and see if SSL is working..
This still has SslPolicyErrors RemoteCertificateNotAvailable
public static void Main (string args)
string targetHost = "verisign.com";
IPAddress addresses = Dns.GetHostAddresses (targetHost);
var client = new TcpClient ();
client.Connect (addresses ,443);
var mySslStream = new SslStream (client.GetStream(), false, ValidateServerCertificate);
mySslStream.AuthenticateAsClient (targetHost, null, SslProtocols.Tls, false);
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mono-list