[MonoTouch] Strange SSL/HTTPS error with WebClient

Nic Wise nicw at fastchicken.co.nz
Mon Dec 19 10:45:27 EST 2011


Hi there

I'm doing this in one of my apps:

------------------------

ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, ssl) => true;

WebClient wc = new WebClient();
string s = wc.DownloadString("http://cust.domain.com/verify");

//do some stuff with it

-----------------------------------

(ok, so it's a LITTLE more than that - I set some headers to accept
XML, and set the timeout to around 30 seconds, and plug in a cookie
container)

and on one customer, I'm getting this error back:

Error getting response stream (Write: The authentication or decryption
has failed.): SendFailure

However, I'm only getting it for this one customer, but he's getting
it on WIFI and 3G.

The certificate is a wildcard one, though it always has been... Below is
a dump from curl which does exactly what I'm doing:

* About to connect() to bigted.freeagent.com port 443 (#0)
*   Trying 94.236.51.1... connected
* Connected to bigted.freeagent.com (94.236.51.1) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*        subject: /O=*.freeagent.com/OU=Domain Control Validated/CN=*.freeagent.com
*        start date: 2011-04-18 10:53:44 GMT
*        expire date: 2013-04-18 10:53:44 GMT
*        subjectAltName: bigted.freeagent.com matched
*        issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
* SSL certificate verify ok.
* Server auth using Basic with user 'nicw at fc.com'
> GET /verify HTTP/1.1
> Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> User-Agent: curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18
> Host: bigted.freeagent.com
> Accept: application/xml
> Content-Type: application/xml
>
< HTTP/1.1 200 OK
< Server: nginx/1.0.6
< Date: Mon, 19 Dec 2011 15:42:12 GMT
< Content-Type: application/xml; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Status: 200 OK
< User-Id: 6309
< User-Permission-Level: 8
< Company-Type: UkLimitedCompany
< Company-Currency: GBP
< Company-Mileage-Unit: miles
< Cache-Control: no-cache
< X-UA-Compatible: IE=Edge,chrome=1
< Set-Cookie: _freeagent_session=xxxxxxxxxxxxxxxxxx; domain=.freeagent.com; path=/; expires=Mon, 19-Dec-2011 16:12:12 GMT; secure; HttpOnly; max-age=1800
< X-Runtime: 0.015869
< X-Rev: 5aa7e9c
< X-Host: web3
<
* Connection #0 to host bigted.freeagent.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

Anyone (Sebastian?) got any ideas?

Cheers

Nic
-- 
Nic Wise
t.  +44 7788 592 806 | @fastchicken | http://www.linkedin.com/in/nicwise
b. http://www.fastchicken.co.nz/

Nearest Bus: find when the next bus is coming to your stop. http://goo.gl/Vcz1p
mobileAgent (for FreeAgent): get your accounts in your pocket.
http://goo.gl/IuBU
Trip Wallet: Keep track of your budget on the go: http://goo.gl/ePhKa
London Bike App: Find the nearest Boris Bike, and get riding! http://goo.gl/Icp2
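
A validation callback that records what the platform's certificate check reported and still rejects failures, in place of the `=> true` form in the message above, which accepts any certificate. This is an added example, not code from the original post or from Mono; `TlsDiagnostics` and `LogAndValidate` are hypothetical names, and the URL is the post's placeholder host with an https scheme.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TlsDiagnostics
{
    // Hypothetical helper: log why validation failed, then reject.
    static bool LogAndValidate(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;                       // platform validation passed

        Console.WriteLine("TLS policy errors: {0}", errors);
        if (cert != null)
            Console.WriteLine("  subject: {0}\n  issuer:  {1}",
                              cert.Subject, cert.Issuer);

        // The chain can be null on some runtimes, so guard before walking it.
        if (chain != null)
            foreach (X509ChainStatus st in chain.ChainStatus)
                Console.WriteLine("  chain: {0} ({1})",
                                  st.Status, st.StatusInformation);

        return false;                          // never accept a failed check
    }

    static void Main()
    {
        ServicePointManager.ServerCertificateValidationCallback = LogAndValidate;

        using (var wc = new WebClient())
        {
            try
            {
                // Placeholder host taken from the post.
                string s = wc.DownloadString("https://cust.domain.com/verify");
                Console.WriteLine("received {0} characters", s.Length);
            }
            catch (WebException ex)
            {
                // Log the status and inner exception for the support report.
                Console.WriteLine("{0}: {1}", ex.Status, ex.Message);
                if (ex.InnerException != null)
                    Console.WriteLine(ex.InnerException);
            }
        }
    }
}
```

If the handshake fails before the certificate is evaluated, the callback is never invoked and only the `WebException` output appears.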

