Hello Nic,
Wildcard certificates have been supported by Mono for quite some time
and since it's working for other people (right?) I think it's unlikely
to be related to certificate validation.
Is there any way you can get the full exception ? that will confirm if
this occurs at negotiation time or later.
Sebastien
On Mon, Dec 19, 2011 at 10:45 AM, Nic Wise <n...@fastchicken.co.nz> wrote:
> Hi there
>
> I'm doing this in one of my apps:
>
> ------------------------
>
> ServicePointManager.ServerCertificateValidationCallback = (sender,
> cert, chain, ssl) => true;
>
> WebClient wc = new WebClient();
> string s = wc.DownloadString("http://cust.domain.com/verify";);
>
> //do some stuff with it
>
> -----------------------------------
>
> (ok, so it's a LITTLE more than that - I set some headers to accept
> XML, and set the timeout to around 30 seconds, and plug in a cookie
> container)
>
> and on one customer, I'm getting this error back:
>
> Error getting response stream (Write: The authentication or decryption
> has failed.): SendFailure
>
> However, I'm only getting it for this one customer, but he's getting
> it on WIFI and 3G.
>
> The certificate is a wildcard one, tho it always has been.... Below is
> a dump from curl which does exactly what I'm doing:
>
> * About to connect() to bigted.freeagent.com port 443 (#0)
> * Trying 94.236.51.1... connected
> * Connected to bigted.freeagent.com (94.236.51.1) port 443 (#0)
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server key exchange (12):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using DHE-RSA-AES256-SHA
> * Server certificate:
> * subject: /O=*.freeagent.com/OU=Domain Control
> Validated/CN=*.freeagent.com
> * start date: 2011-04-18 10:53:44 GMT
> * expire date: 2013-04-18 10:53:44 GMT
> * subjectAltName: bigted.freeagent.com matched
> * issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
> Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
> Certification Authority/serialNumber=07969287
> * SSL certificate verify ok.
> * Server auth using Basic with user 'n...@fc.com'
>> GET /verify HTTP/1.1
>> Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> User-Agent: curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g
>> zlib/1.2.3.3 libidn/1.8 libssh2/0.18
>> Host: bigted.freeagent.com
>> Accept: application/xml
>> Content-Type: application/xml
>>
> < HTTP/1.1 200 OK
> < Server: nginx/1.0.6
> < Date: Mon, 19 Dec 2011 15:42:12 GMT
> < Content-Type: application/xml; charset=utf-8
> < Transfer-Encoding: chunked
> < Connection: keep-alive
> < Status: 200 OK
> < User-Id: 6309
> < User-Permission-Level: 8
> < Company-Type: UkLimitedCompany
> < Company-Currency: GBP
> < Company-Mileage-Unit: miles
> < Cache-Control: no-cache
> < X-UA-Compatible: IE=Edge,chrome=1
> < Set-Cookie: _freeagent_session=xxxxxxxxxxxxxxxxxx;
> domain=.freeagent.com; path=/; expires=Mon, 19-Dec-2011 16:12:12 GMT;
> secure; HttpOnly; max-age=1800
> < X-Runtime: 0.015869
> < X-Rev: 5aa7e9c
> < X-Host: web3
> <
> * Connection #0 to host bigted.freeagent.com left intact
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
>
> Anyone (Sebastian?) got any ideas?
>
> Cheers
>
> Nic
> --
> Nic Wise
> t. +44 7788 592 806 | @fastchicken | http://www.linkedin.com/in/nicwise
> b. http://www.fastchicken.co.nz/
>
> Nearest Bus: find when the next bus is coming to your stop.
> http://goo.gl/Vcz1p
> mobileAgent (for FreeAgent): get your accounts in your pocket.
> http://goo.gl/IuBU
> Trip Wallet: Keep track of your budget on the go: http://goo.gl/ePhKa
> London Bike App: Find the nearest Boris Bike, and get riding!
> http://goo.gl/Icp2
> _______________________________________________
> MonoTouch mailing list
> MonoTouch@lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/monotouch
_______________________________________________
MonoTouch mailing list
MonoTouch@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/monotouch
