Hello Pere, On Thu, 2006-04-27 at 22:37 +0200, Pere Rodríguez wrote: > Hello Sebastien, > > 2006/4/27, Sebastien Pouliot <[EMAIL PROTECTED]>: > > Hello Pere, > > > > (you didn't c.c. the mailing-list ;-) > > yes! > > > > > Ok, so it's not related to PKCS12 either. We did a lot of SSL fixes in > > the 1.1.13.x branch and I'm not sure exactly when .6-3 was issued (wrt > > to the fixes). > > > > Please open a bugzilla issue on bugzilla.ximian.com (with complete > > step-by-step instruction on how to replicate your issue) and I'll have a > > look at it. > > Ok, I do it (although provisionally or I have solved the problem). > > > > > If this is already fixed in the branch then the fix may only requires > > you to update your Mono.Security.dll assembly (but not your whole > > setup). > > Ok, I do it. I have replaced version 1.1.13 of Mono.Security.dll by > the 1.1.15 and everything works fine :)
Great, that was the solution. Both the 1.1.13 branch and HEAD are in synch for Mono.Security (i.e. both are in bug fixing mode). > At the moment I will continue thus and when version 1.1.15 is > available in Debian I will update my system. The patch is also in the branch - but wasn't available when 1.1.13.6 was built. So any future revision of 1.1.13.x will also have the fix you require (no need to wait for 1.1.15+ if 1.1.13.x is updated on Debian). > Thank you very much. > > > > On Thu, 2006-04-27 at 15:33 +0200, Pere Rodríguez wrote: > > > Hello Sebastien, > > > > > > sorry, the correct command is: > > > > > > xsp --https --port 443 --p12file cert.p12 --pkpwd abc > > > > > > I forgot to type password. The PKCS#12 file has password. > > > > > > The -12243 error appears in firefox. > > > > > > I test on mono 1.1.13.4-1 and it run ok, and in mono 1.1.13.6-3 it > > > doesn't run. Perhaps I don't have installed some paquet ??? > > > > > > If I sniff the network I see this ssl result: > > > > > > Client (firefox) Server (xsp) > > > ClientHello --> > > > <-- ServerHello > > > <-- Certificate (the certificate that send is ok) > > > <-- ServerKeyExchange !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > > > <-- Alert:Warning:InternalError > > > Alert:Fatal:UnexpectedMessage --> > > > > > > If I program my https server, in firefox I obtain the same error, and > > > the ssl handshake is the same (..., certificate, serverkeyexchange, > > > ...). Now I obtain this mono error: > > > > > > System.IO.IOException: The authentication or decryption has failed. > > > ---> System.NotSupportedException: Operation is not supported. > > > in [0x00005] (at > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsServerKeyExchange.cs:51) > > > Mono.Security.Protocol.Tls.Handshake.Server.TlsServerKeyExchange:Update > > > () > > > in [0x00019] (at > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:663) > > > Mono.Security.Protocol.Tls.RecordProtocol:InternalSendRecordCallback > > > (IAsyncResult ar)--- End of inner exception stack trace --- > > > > > > in [0x00054] (at > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:107) > > > Mono.Security.Protocol.Tls.SslStreamBase:AsyncHandshakeCallback > > > (IAsyncResult asyncResult) > > > > > > The same source works fine in mono 1.1.13.4-1, but in 1.1.13.6 appears > > > this error. > > > > > > Now I will install more mono packages (I think that I don't need them > > > ...) and, if the error persist, I will install mono 1.1.15 from bin > > > installer, but I don't like it, I prefer debian packages. > > > > > > Thanks in advance, > > > > > > pere > > > > > > > > > 2006/4/27, Sebastien Pouliot <[EMAIL PROTECTED]>: > > > > Hello Pere, > > > > > > > > On Thu, 2006-04-27 at 08:49 +0200, Pere Rodríguez wrote: > > > > > Hello Sebastien, > > > > > > > > > > at the moment I don't use client certificate, > > > > > > > > Ah, the article you referenced confused me. > > > > > > > > > I do: > > > > > > > > > > xsp --https --port 443 --p12file cert.p12 --pkpwd > > > > > > > > > > and it doesn't run ok, with firefox appears -12243 error. > > > > > > > > Where ? on XSP console or in FireFox ? > > > > > > > > > I test that with mono 1.1.13.4-1 it runs but with 1.1.13.6-3 it > > > > > doesn't run. Xsp always is 1.1.13-1 version. I work with debian sid. > > > > > > > > > > Some idea? > > > > > > > > I recall a change was done to handle PKCS#12 empty password (but I'm > > > > unsure when). Try generating a PKCS#12 file with a password. > > > > > > > > > Thanks in advance, > > > > > > > > No problem, but please continue to c.c. the mailing-list so all problems > > > > (and solutions) can be indexed. > > > > > > > > > pere > > > > > > > > > > > > > > > 2006/4/24, Sebastien Pouliot <[EMAIL PROTECTED]>: > > > > > > Hello Pere, > > > > > > > > > > > > I can do almost any steps in the wiki without problem. However it > > > > > > seems > > > > > > that wget 1.10 changed it's SSL options and doesn't accept the > > > > > > certificate as it used to (in version 1.9.1). > > > > > > > > > > > > Now, even then I do not get the same error as you are describing. > > > > > > This > > > > > > may be due to how you created the certificates (and/or executed > > > > > > XSP). > > > > > > > > > > > > Also note that executing "wget https://estudion/cctest.aspx"; doesn't > > > > > > send any client certificate, so an error is normal if XSP is running > > > > > > with the --https-client-require parameter. > > > > > > > > > > > > On Mon, 2006-04-24 at 09:45 +0200, Pere Rodríguez wrote: > > > > > > > Hello, > > > > > > > > > > > > > > I'm testing > > > > > > > http://www.mono-project.com/UsingClientCertificatesWithXSP > > > > > > > example and when I execute wget https://localhost/cctest.aspx I > > > > > > > obtain > > > > > > > this error: > > > > > > > > > > > > > > [EMAIL PROTECTED]:~/pki$ wget https://estudion/cctest.aspx > > > > > > > --09:38:30-- https://estudion/cctest.aspx > > > > > > > => `cctest.aspx' > > > > > > > S'està resolguent estudion... 127.0.0.1 > > > > > > > Connecting to estudion|127.0.0.1|:443... connexió establerta. > > > > > > > OpenSSL: error:1408D078:SSL routines:SSL3_GET_KEY_EXCHANGE:bad > > > > > > > rsa e length > > > > > > > No s'ha pogut establir la connexió SSL. > > > > > > > > > > > > > > I created PKCS#12 with openssl and with makecert and the error > > > > > > > always > > > > > > > is the same. > > > > > > > > > > > > > > I also test http://pages.infinit.net/ctech/200411.html example > > > > > > > and the > > > > > > > error with wget is the same. With this example the mono error is: > > > > > > > > > > > > > > System.IO.IOException: The authentication or decryption has > > > > > > > failed. > > > > > > > ---> System.NotSupportedException: Operation is not supported. > > > > > > > in [0x00005] (at > > > > > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsServerKeyExchange.cs:51) > > > > > > > Mono.Security.Protocol.Tls.Handshake.Server.TlsServerKeyExchange:Update > > > > > > > () > > > > > > > in [0x00019] (at > > > > > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:663) > > > > > > > Mono.Security.Protocol.Tls.RecordProtocol:InternalSendRecordCallback > > > > > > > (IAsyncResult ar)--- End of inner exception stack trace --- > > > > > > > > > > > > > > in [0x00054] (at > > > > > > > /home/ingo/mono-1.1.13.6/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:107) > > > > > > > Mono.Security.Protocol.Tls.SslStreamBase:AsyncHandshakeCallback > > > > > > > (IAsyncResult asyncResult) > > > > > > > > > > > > > > Thanks in advance, > > > > > > > > > > > > > > pere > > > > > > > _______________________________________________ > > > > > > > Mono-list maillist - [email protected] > > > > > > > http://lists.ximian.com/mailman/listinfo/mono-list > > > > > > -- > > > > > > Sebastien Pouliot <[EMAIL PROTECTED]> > > > > > > Blog: http://pages.infinit.net/ctech/ > > > > > > > > > > > > > > > > -- > > > > Sebastien Pouliot <[EMAIL PROTECTED]> > > > > Blog: http://pages.infinit.net/ctech/ > > > > > > > > > > -- > > Sebastien Pouliot <[EMAIL PROTECTED]> > > Blog: http://pages.infinit.net/ctech/ > > > > -- Sebastien Pouliot <[EMAIL PROTECTED]> Blog: http://pages.infinit.net/ctech/ _______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
