Carlos,
   I am using the SslClientStream class in my client program to talk to an LDAP server 
over SSL. But the handshake is not completing properly and the client hangs in 
between. I wrote the following lines of code to do this:

    using System.Net;
    using System.Net.Sockets;
    using System.Security.Cryptography.X509Certificates;
    using Mono.Security.Protocol.Tls;

    // certfile is an ASN.1 DER-encoded self-signed certificate file.
    X509Certificate Cert = X509Certificate.CreateFromCertFile(certfile);

    Socket sock = new Socket(AddressFamily.InterNetwork,
                             SocketType.Stream,
                             ProtocolType.IP);

    IPAddress hostadd = Dns.Resolve(host).AddressList[0];
    IPEndPoint ephost = new IPEndPoint(hostadd, port);
    sock.Connect(ephost);

    // The NetworkStream owns the socket.
    NetworkStream nstream = new NetworkStream(sock, true);

    // The SslClientStream owns the NetworkStream; the certificate is passed
    // in the clientCertificates parameter.
    SslClientStream sslstream = new SslClientStream(
        nstream,
        host,
        true,
        Mono.Security.Protocol.Tls.SecurityProtocolType.Default,
        new X509CertificateCollection(new X509Certificate[] { Cert }));

    System.IO.Stream input = sslstream;
    System.IO.Stream output = sslstream;

I am using the input and output streams to read and write on the socket. The certificate 
looks okay, since I have used the same certificate to talk to the LDAP server over 
SSL using the OpenSSL libraries.

Here is a log from the server which may give you some clue of what is happening on the 
server side:


LDAP    : Monitor 0x508 received signal l
LDAP    : Monitor 0x508 initiating TLS handshake on connection 0x9176cc0
LDAP    : (164.99.145.182:51124)(0x0000:0x02) DoTLSHandshake on connection 0x9176cc0
LDAP    : (164.99.145.182:51124)(0x0000:0x02) Connection 0x9176cc0 sending read blocked signal r to monitor 0x508
LDAP    : Monitor 0x508 received signal r
LDAP    : Monitor 0x508 signaling read blocked connection 0x9176cc0
LDAP    : (164.99.145.182:51124)(0x0000:0x02) Connection 0x9176cc0 sending read blocked signal r to monitor 0x508
LDAP    : Monitor 0x508 received signal r


In the case of the OpenSSL library (when the handshake completes properly) the following log is 
generated:

LDAP    : New TLS connection 0x9176cc0 from 164.99.159.221:2943, monitor = 0x508, index = 1
LDAP    : Connector sending signal l to monitor 0x508 for new connection 0x9176cc0
LDAP    : Monitor 0x508 received signal l
LDAP    : Monitor 0x508 initiating TLS handshake on connection 0x9176cc0
LDAP    : (164.99.159.221:2943)(0x0000:0x02) DoTLSHandshake on connection 0x9176cc0
LDAP    : (164.99.159.221:2943)(0x0000:0x02) Connection 0x9176cc0 sending read blocked signal r to monitor 0x508
LDAP    : Monitor 0x508 received signal r
LDAP    : Monitor 0x508 signaling read blocked connection 0x9176cc0
LDAP    : (164.99.159.221:2943)(0x0000:0x02) Completed TLS handshake on connection 0x9176cc0
LDAP    : (164.99.159.221:2943)(0x0000:0x02) Connection 0x9176cc0 sending handshake signal h to monitor 0x508
LDAP    : Monitor 0x508 received signal h


Do you have any idea of what might be the cause of the problem?

Regards
Sunil.


>>> Carlos Guzmán Álvarez <[EMAIL PROTECTED]> 12/5/2003 6:08:23 PM >>>
Hello:

> I was trying to use some of the classes provided in
> Mono.Security.Protocol.Tls like TlsSocket, TlsSession etc.

I removed it two weeks ago and replaced it with an SslClientStream 
implementation similar to the one in the .NET 1.2 documentation.

> Can anyone tell me about the status of these classes?

They are under development, and at this moment they have some limitations:

        - Client only.

        - No real server certificate validation (only the certificate date and 
target host are validated now).

        - No client authentication.

The supported cipher suites for the TLS protocol are:

        - TLS_RSA_WITH_AES_256_CBC_SHA

        - TLS_RSA_WITH_AES_128_CBC_SHA

        - TLS_RSA_WITH_3DES_EDE_CBC_SHA

        - TLS_RSA_WITH_DES_CBC_SHA

        - TLS_RSA_WITH_RC4_128_SHA

        - TLS_RSA_WITH_RC4_128_MD5
                

And for SSL3 are:

        - SSL_RSA_WITH_3DES_EDE_CBC_SHA

        - SSL_RSA_WITH_DES_CBC_SHA

        - SSL_RSA_WITH_RC4_128_SHA

        - SSL_RSA_WITH_RC4_128_MD5                              

I was busy this week and had no time to work on it, but I plan 
to restart the work next week.

> BTW I was looking for a way to create an SSL/TLS socket. Is there any 
> other way thru which I can do it without using the TlsSocket class?

You can use the Mono.Security.SslClientStream class for it.

An example of how to set it up:

using System.Net;
using System.Net.Sockets;
using Mono.Security.Protocol.Tls;

string targetHost = "localhost";

IPAddress hostadd = Dns.Resolve("localhost").AddressList[0];
IPEndPoint EPhost = new IPEndPoint(hostadd, 443);

Socket socket = new Socket(AddressFamily.InterNetwork,
                           SocketType.Stream,
                           ProtocolType.IP);

// Make the socket connect to the server
socket.Connect(EPhost);

// Create a NetworkStream that owns the socket
NetworkStream networkStream = new NetworkStream(socket, true);

// Create a new SslClientStream instance that owns the
// networkStream
SslClientStream sslStream = new SslClientStream(
                networkStream,
                targetHost,
                true,
                SecurityProtocolType.Default);


With SecurityProtocolType.Default the SslClientStream will use TLS as the 
security protocol; the handshake will be negotiated in the first 
read/write operation.




--
Best regards

Carlos Guzmán Álvarez
Vigo-Spain
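Two points in this thread deserve a worked example: Carlos notes that SslClientStream does no real server certificate validation (only the certificate date and target host), and Sunil's snippet passes the server's self-signed certificate in the clientCertificates parameter, which is for client authentication and validates nothing about the peer. The code below is an added example, not code from either message or from Mono.Security itself. It assumes the ServerCertValidationDelegate property and the CertificateValidationCallback delegate of Mono.Security.Protocol.Tls.SslClientStream are available in the release in use (they are present in later Mono.Security releases; whether the build discussed here had them is an assumption). It pins the LDAP server's certificate to the same DER file, sets socket timeouts so a stalled handshake raises an exception instead of hanging the client, and drives the lazy handshake with an anonymous LDAP bind, since LDAP is a client-speaks-first protocol. The host name, port, file path and the hand-encoded BER bytes are constructed placeholders.

```csharp
using System;
using System.IO;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using Mono.Security.Protocol.Tls;

// Added example: LDAP over TLS with the server certificate pinned to a known
// self-signed DER file. Not from the thread or from Mono.Security.
public class PinnedLdapsClient
{
    readonly byte[] expectedRawCert;

    public PinnedLdapsClient(string derCertFile)
    {
        // The DER file is the SERVER's certificate: it is used to check the
        // peer, not passed as a client certificate.
        expectedRawCert = X509Certificate.CreateFromCertFile(derCertFile).GetRawCertData();
    }

    // Pinning callback (assumed SslClientStream.ServerCertValidationDelegate
    // signature): accept only a byte-for-byte match with the expected cert.
    // The comparison does not short-circuit, so it does not leak the first
    // differing byte through timing.
    bool ValidateServerCert(X509Certificate cert, int[] certificateErrors)
    {
        if (cert == null) return false;
        byte[] got = cert.GetRawCertData();
        if (got.Length != expectedRawCert.Length) return false;
        int diff = 0;
        for (int i = 0; i < got.Length; i++) diff |= got[i] ^ expectedRawCert[i];
        return diff == 0;
    }

    // Anonymous LDAPv3 BindRequest, message ID 1 (constructed BER):
    // SEQUENCE { INTEGER 1, [APPLICATION 0] { INTEGER 3, OCTET STRING "", [0] "" } }
    static readonly byte[] AnonymousBind = {
        0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00
    };

    // Connects, pins, forces the handshake and returns the LDAP resultCode of
    // the bind response (0 = success). Throws on timeout or pin mismatch.
    public int Connect(string host, int port, int timeoutMs)
    {
        TcpClient tcp = new TcpClient(host, port);
        // With timeouts a stalled handshake surfaces as an exception on the
        // first Write/Read rather than as a silent hang.
        tcp.ReceiveTimeout = timeoutMs;
        tcp.SendTimeout = timeoutMs;

        SslClientStream ssl = new SslClientStream(tcp.GetStream(), host, true,
                                                  SecurityProtocolType.Tls);
        ssl.ServerCertValidationDelegate = new CertificateValidationCallback(ValidateServerCert);

        // SslClientStream negotiates on the first I/O; this write performs the
        // handshake (running the pin check) and sends the bind in one step.
        ssl.Write(AnonymousBind, 0, AnonymousBind.Length);

        // A minimal BindResponse is 14 bytes; read until the fixed prefix is in.
        byte[] resp = new byte[256];
        int n = 0;
        while (n < 10)
        {
            int got = ssl.Read(resp, n, resp.Length - n);
            if (got <= 0) throw new IOException("connection closed before bind response");
            n += got;
        }
        return ParseBindResultCode(resp, n);
    }

    // Decoder for a short BindResponse (short-form BER lengths only):
    // 30 LL 02 01 01 61 LL 0a 01 RC ...
    public static int ParseBindResultCode(byte[] r, int n)
    {
        if (n < 10 || r[0] != 0x30 || r[2] != 0x02 || r[3] != 0x01 || r[4] != 0x01
            || r[5] != 0x61 || r[7] != 0x0a || r[8] != 0x01)
            throw new IOException("unexpected LDAP response");
        return r[9];
    }

    public static void Main(string[] args)
    {
        // Placeholders: replace with the real host, port and certificate file.
        PinnedLdapsClient client = new PinnedLdapsClient("server-cert.der");
        int rc = client.Connect("ldap.example.com", 636, 10000);
        Console.WriteLine("bind resultCode = " + rc);
    }
}
```

The pin check runs inside the handshake, so a certificate that is not the expected one aborts the connection before any LDAP data is sent. This is a stand-in for the chain validation the library does not yet perform; once Mono.Security validates chains, the same callback can be narrowed to inspect certificateErrors instead of replacing validation outright.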



_______________________________________________
Mono-list maillist  -  [EMAIL PROTECTED] 
http://lists.ximian.com/mailman/listinfo/mono-list