[Mono-dev] TLS 1.2 Client Certificate Authentication
meebey at meebey.net
Thu Aug 3 09:02:28 UTC 2017
since I had troubles with getting client certificate auth to work, I wonder
if you have the same issue. Have you implemented the certificate selection?
Otherwise it will not send the certificate, see:
Mirco (meebey) Bauer
FOSS Hacker meebey at meebey.net https://www.meebey.net/
Debian Developer meebey at debian.org http://www.debian.org/
GNOME Foundation Member mmmbauer at gnome.org http://www.gnome.org/
CTO @ Gatecoin Ltd. mirco at gatecoin.com https://gatecoin.com/
.NET Foundation Advisory Council Member http://www.dotnetfoundation.org/
PGP-Key ID 0x7127E5ABEEF946C8 https://meebey.net/pubkey.asc
On Thu, Jul 27, 2017 at 8:50 PM, ashr <ashr at ashr.net> wrote:
> Hi guys,
> I've been trying to connect to a threat repository to suck intel feeds
> down with Mono. The interface use a client certificate and basic auth to
> validate the connection.
> I've played with mono versions from the version that comes with Xenial,
> all the way through to Mono JIT compiler version 22.214.171.124. The furthest
> I've come was on the latest version, I can see it at least tries to speak TLS
> 1.2, but something goes wrong before the Client Key Exchange, (so I'm guessing
> the Server Key exchange fails, wild guess from wireshark caps, I'm not an
> expert in SSL handshakes).
> This is the code I'm using to set this connection up:*https://pastebin.com/Ei3bsjdF
> * The MyRemoteCertificateValidationCallback validates the server cert
> without error and Mono seems to add the client certificate to the request
> just fine as well.
> A paste with the error that occurs during runtime (SecureChannelFailure
> (Syscall)): *https://pastebin.com/sUXQf9KF
> Screenshot of wireshark cap of the connection process: *https://imagebin.ca/v/3UjPy99nEI94
> Screenshot of a wireshark cap of a working connection through python
> (Using the same client side certificate connecting to same backend): *https://imagebin.ca/v/3UjQdz43jKSQ
> When I get some time tonight and during the weekend, I'll try set up a
> server with client side auth and test it locally as well, but if any of you
> gurus have an idea of what is going wrong or how to troubleshoot further,
> please let me know ?
> Many thanks
> Mono-devel-list mailing list
> Mono-devel-list at lists.dot.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mono-devel-list