Correct, mozroots should no longer be required/used.

The cert-sync tool is the recommended approach for populating Mono’s
certificate store on Linux now:
http://www.mono-project.com/docs/about-mono/releases/3.12.0/#cert-sync
The Xamarin .deb/.rpm packages run this during package installation; if you
built Mono from source, you need to run it yourself.

TLS 1.2 support is still a work in progress as far as I know.

- Alex


On 12/08/16 15:44, "Mono-devel-list on behalf of Edward Ned Harvey (mono)" 
<[email protected] on behalf of 
[email protected]> wrote:

    > From: Mono-devel-list [mailto:[email protected]] On
    > Behalf Of Craig McQueen
    > 
    > On a Yocto-built embedded Linux system, we're trying to send e-mails
    > through SMTP with SSL (port 465) or MSA (port 587). We're testing with
    > smtp.gmail.com and smtp.zoho.com. We have code that works fine with
    > Windows. But with Mono, we're getting System.IO.IOException: The
    > authentication or decryption has failed.
    > 
    > We've found on the Mono Security FAQ that we need:
    > 
    > a) to install root certificates using mozroots or similar.
    > b) to get the intermediate certificates from the SMTPS port 465, using
    > certmgr.
    
    Historically, the above was necessary, and maybe some of it still is just
    because you're on an unusual Linux system. (The above is automatically
    done during rpm/deb install, for later versions of Red Hat and
    Debian/Ubuntu).
    
    Historically, there were problems with the SSL/TLS classes in Mono, in
    which a Mono server would fail to send intermediates to a client, and a
    Mono client would fail to cache any intermediates received from a non-Mono
    server, resulting in Mono client being able to talk to non-Mono servers,
    and Mono servers being able to talk to non-Mono clients, but Mono clients
    couldn't talk to Mono servers.
    
    Much of this should hopefully be history now. First of all, there are ways
    of making Mono use the OS crypto API, rather than use its own classes. I
    can't tell you exactly how to do that, so if you're interested, start a
    new thread saying exactly how you try to connect to your server (Are you
    using HttpClient?), and ask if that's using the old Mono classes or the OS
    API, and ask if there's a different constructor you can use (or something)
    that would force the use of the OS API. (For example, using
    ModernHttpClient instead?)
    
    Also, I've heard, but haven't personally checked or tested, that Mono is
    now using the Microsoft TLS stack, including full support for TLS 1.2. So
    before anything else, try updating to the very latest stable version of
    Mono, and see if that solves your problem.
    _______________________________________________
    Mono-devel-list mailing list
    [email protected]
    http://lists.dot.net/mailman/listinfo/mono-devel-list
    

