7
votes

I'm trying to port an existing WCF client application to run on Linux under Mono. Right now I'm testing everything out, figuring out what works on Mono and what doesn't.

The client makes a super simple call over basicHttpBinding. It works great, until I enable SSL (that is, specify BasicHttpSecurityMode.Transport in the binding).

  • Running on .NET in Windows, it works great
  • Running on Mono on Ubuntu 9.10 / Mono 2.6 I get the following error:

Exception in async operation: System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a

I've read the Mono security FAQ; however, the SSL certificate on the server is from a root CA (a purchased certificate), issued by Equifax Secure Certificate Authority. I ran the TlsTest tool on the Ubuntu install against the .svc URL and there are no problems/errors. Also, I can hit the service fine in Firefox (no security warnings).

What am I missing?


2 Answers

2
votes

The TlsTest file from Mono is really good at checking this, so it seems a bit silly to even ask - but: Can you use the WebClient to make a request to the .svc file and get a response back? If not, there are probably still issues with the certificate for some reason.

I am also guessing you have used the mozroots or certmgr tools to verify the root CA is there? What about explicitly adding the certificate on your site to the store through certmgr?

One more reminder: the certmgr tool generally works on a copy of the certs for the current user; you need to specify the --machine arg so all users get the cert.

0
votes

I found a trick to eliminate the error:

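using System.Net;
using System.Security.Cryptography.X509Certificates;

// Certificate policy that accepts every server certificate, whatever the error.
public class HttpWebRequestClientCertificateTest : ICertificatePolicy {
    public bool CheckValidationResult (ServicePoint sp, X509Certificate certificate,
        WebRequest request, int error)
    {
        // Returning true unconditionally turns off server certificate validation.
        return true;
    }
}

.....

// Install the policy process-wide before creating the request.
ServicePointManager.CertificatePolicy = new HttpWebRequestClientCertificateTest ();

HttpWebRequest request = ...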

Perhaps it will work for others that have that bug in Mono 2.6.
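A narrower alternative to the accept-everything policy in the answer above, as an added example that is not part of either answer or of Mono's own code: it keeps normal chain validation and falls back to a pinned certificate hash for a single host only. `PinnedHost` and `PinnedSha256` are placeholders, and the callback assumes the runtime passes the `HttpWebRequest` as `sender`; if it does not, the fallback rejects the connection.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificateValidation
{
    // Placeholders (assumptions): set these to the service host and to the SHA-256
    // hash of its DER-encoded certificate, obtained out of band.
    const string PinnedHost = "service.example.com";
    const string PinnedSha256 = "<SHA256-HEX-OF-SERVER-CERTIFICATE>";

    // Hex-encoded SHA-256 of the raw certificate bytes.
    public static string Sha256Hex(X509Certificate certificate)
    {
        using (SHA256 sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(certificate.GetRawCertData());
            return BitConverter.ToString(digest).Replace("-", "");
        }
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Normal path: the platform built and verified the chain on its own.
        if (errors == SslPolicyErrors.None)
            return true;

        // Fallback: one known host, one exact certificate. Everything else fails closed.
        // Note that a pin match also overrides expiry and name-mismatch errors.
        HttpWebRequest request = sender as HttpWebRequest;
        if (request == null || certificate == null)
            return false;
        if (!string.Equals(request.Address.Host, PinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;
        return string.Equals(Sha256Hex(certificate), PinnedSha256,
                             StringComparison.OrdinalIgnoreCase);
    }

    // Call once at startup, before the first HTTPS request is created.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

The pin has to be updated whenever the server certificate is renewed; importing the issuing root into the machine store, as the first answer suggests, avoids that maintenance.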