[Mono-list] Problem with mono and HtttpWebRequest (ssl)

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Tue Jun 16 12:50:41 UTC 2015


> From: mono-list-bounces at lists.ximian.com [mailto:mono-list-
> bounces at lists.ximian.com] On Behalf Of MkProc
> 
> but using my company’s site I always get exceptions like this:
> 
> System.Net.WebException: Error getting response stream (Write: The
> authentication or decryption has failed.): SendFailure --->
> System.IO.IOException: The authentication or decryption has failed. --->

Try using these guys on your company server, and see what they say. If you have a broken server SSL configuration, they'll expose it for you.
https://www.ssllabs.com/ssltest/index.html 

First of all, works for me. I tested on windows, mac (mono 3.12.1), and linux (centos 6, mono 3.4.1). I tested against my own company server.

My first suspicion, make sure your company server is correctly serving the intermediate cert, and that the company server is using a root which is trusted by the client. In Apache, the relevant directives are SSLCertificateFile, SSLCertificateChainFile, and SSLCACertificateFile

When you run mozroots, you only populate roots. Not intermediates. It just so happens, mono doesn't store intermediates, which requires the server to send the intermediate every time. The behavior on windows is different - Every time windows sees an intermediate cert, it stores it, and if any connection ever fails to deliver an intermediate, windows attempts to fix the broken chain by scanning cached intermediates. IMHO, this is bad behavior because Windows is covering up for a broken server configuration - but that's the way it is.

What kind of server are you running?



More information about the Mono-list mailing list