[MonoTouch] Strange SSL/HTTPS error with WebClient

Nic Wise nicw at fastchicken.co.nz
Mon Dec 19 12:16:22 EST 2011


> Wildcard certificates have been supported by Mono for quite some time
> and since it's working for other people (right?) I think it's unlikely
> to be related to certificate validation.

Just works for everyone BUT this one person.

> Is there any way you can get the full exception ? that will confirm if
> this occurs at negotiation time or later.

I can try. I'm not logging it (but I should be!), so I'll see if I can
get him an ad-hoc build with more of a dump in there.

I hate unrepro-able bugs.

:)

thanks.


Nic



>
> On Mon, Dec 19, 2011 at 10:45 AM, Nic Wise <nicw at fastchicken.co.nz> wrote:
>> Hi there
>>
>> I'm doing this in one of my apps:
>>
>> ------------------------
>>
>> ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, ssl) => true;
>>
>> WebClient wc = new WebClient();
>> string s = wc.DownloadString("http://cust.domain.com/verify");
>>
>> //do some stuff with it
>>
>> -----------------------------------
>>
>> (ok, so it's a LITTLE more than that - I set some headers to accept
>> XML, and set the timeout to around 30 seconds, and plug in a cookie
>> container)
>>
>> and on one customer, I'm getting this error back:
>>
>> Error getting response stream (Write: The authentication or decryption
>> has failed.): SendFailure
>>
>> However, I'm only getting it for this one customer, but he's getting
>> it on WIFI and 3G.
>>
>> The certificate is a wildcard one, tho it always has been.... Below is
>> a dump from curl which does exactly what I'm doing:
>>
>> * About to connect() to bigted.freeagent.com port 443 (#0)
>> *   Trying 94.236.51.1... connected
>> * Connected to bigted.freeagent.com (94.236.51.1) port 443 (#0)
>> * successfully set certificate verify locations:
>> *   CAfile: none
>>  CApath: /etc/ssl/certs
>> * SSLv3, TLS handshake, Client hello (1):
>> * SSLv3, TLS handshake, Server hello (2):
>> * SSLv3, TLS handshake, CERT (11):
>> * SSLv3, TLS handshake, Server key exchange (12):
>> * SSLv3, TLS handshake, Server finished (14):
>> * SSLv3, TLS handshake, Client key exchange (16):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSL connection using DHE-RSA-AES256-SHA
>> * Server certificate:
>> *        subject: /O=*.freeagent.com/OU=Domain Control
>> Validated/CN=*.freeagent.com
>> *        start date: 2011-04-18 10:53:44 GMT
>> *        expire date: 2013-04-18 10:53:44 GMT
>> *        subjectAltName: bigted.freeagent.com matched
>> *        issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
>> Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
>> Certification Authority/serialNumber=07969287
>> * SSL certificate verify ok.
>> * Server auth using Basic with user 'nicw at fc.com'
>>> GET /verify HTTP/1.1
>>> Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> User-Agent: curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18
>>> Host: bigted.freeagent.com
>>> Accept: application/xml
>>> Content-Type: application/xml
>>>
>> < HTTP/1.1 200 OK
>> < Server: nginx/1.0.6
>> < Date: Mon, 19 Dec 2011 15:42:12 GMT
>> < Content-Type: application/xml; charset=utf-8
>> < Transfer-Encoding: chunked
>> < Connection: keep-alive
>> < Status: 200 OK
>> < User-Id: 6309
>> < User-Permission-Level: 8
>> < Company-Type: UkLimitedCompany
>> < Company-Currency: GBP
>> < Company-Mileage-Unit: miles
>> < Cache-Control: no-cache
>> < X-UA-Compatible: IE=Edge,chrome=1
>> < Set-Cookie: _freeagent_session=xxxxxxxxxxxxxxxxxx;
>> domain=.freeagent.com; path=/; expires=Mon, 19-Dec-2011 16:12:12 GMT;
>> secure; HttpOnly; max-age=1800
>> < X-Runtime: 0.015869
>> < X-Rev: 5aa7e9c
>> < X-Host: web3
>> <
>> * Connection #0 to host bigted.freeagent.com left intact
>> * Closing connection #0
>> * SSLv3, TLS alert, Client hello (1):
>>
>> Anyone (Sebastian?) got any ideas?
>>
>> Cheers
>>
>> Nic
>> --
>> Nic Wise
>> t.  +44 7788 592 806 | @fastchicken | http://www.linkedin.com/in/nicwise
>> b. http://www.fastchicken.co.nz/
>>
>> Nearest Bus: find when the next bus is coming to your stop. http://goo.gl/Vcz1p
>> mobileAgent (for FreeAgent): get your accounts in your pocket.
>> http://goo.gl/IuBU
>> Trip Wallet: Keep track of your budget on the go: http://goo.gl/ePhKa
>> London Bike App: Find the nearest Boris Bike, and get riding! http://goo.gl/Icp2



-- 
Nic Wise
t.  +44 7788 592 806 | @fastchicken | http://www.linkedin.com/in/nicwise
b. http://www.fastchicken.co.nz/

Nearest Bus: find when the next bus is coming to your stop. http://goo.gl/Vcz1p
mobileAgent (for FreeAgent): get your accounts in your pocket.
http://goo.gl/IuBU
Trip Wallet: Keep track of your budget on the go: http://goo.gl/ePhKa
London Bike App: Find the nearest Boris Bike, and get riding! http://goo.gl/Icp2
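
The reply above asks for the full exception to tell a handshake failure from a later one. One way to capture it, as an added example that is not code from this thread or from Mono/MonoTouch: the callback logs what certificate validation reported and accepts only a clean result rather than returning `true` for everything, and the exception chain is flattened for the log. The names `TlsDiagnostics`, `Validate`, `Describe` and `Fetch` are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class TlsDiagnostics   // hypothetical helper, not part of the app in the thread
{
    // Logs what validation found and accepts only a clean result,
    // instead of returning true for every certificate.
    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("TLS subject={0} issuer={1} policyErrors={2}",
            cert == null ? "(none)" : cert.Subject,
            cert == null ? "(none)" : cert.Issuer, errors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain: {0} {1}", s.Status, s.StatusInformation);
        return errors == SslPolicyErrors.None;
    }

    // Flattens the exception chain so the log shows every inner exception and its stack.
    public static string Describe(Exception ex)
    {
        var sb = new StringBuilder();
        var web = ex as WebException;
        if (web != null)
            sb.AppendLine("WebExceptionStatus: " + web.Status);
        for (Exception e = ex; e != null; e = e.InnerException)
            sb.AppendLine(e.GetType().FullName + ": " + e.Message).AppendLine(e.StackTrace);
        return sb.ToString();
    }

    public static string Fetch(string url)
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
        try
        {
            using (var wc = new WebClient())
                return wc.DownloadString(url);
        }
        catch (WebException ex)
        {
            Console.Error.WriteLine(Describe(ex));   // send this to the app's own log in a device build
            throw;
        }
    }
}
```

If the callback's log line never appears before the failure, the connection did not reach certificate validation, which narrows the problem to the earlier part of the handshake.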

