Hello Nic, Wildcard certificates have been supported by Mono for quite some time and since it's working for other people (right?) I think it's unlikely to be related to certificate validation.
Is there any way you can get the full exception ? that will confirm if this occurs at negotiation time or later. Sebastien On Mon, Dec 19, 2011 at 10:45 AM, Nic Wise <n...@fastchicken.co.nz> wrote: > Hi there > > I'm doing this in one of my apps: > > ------------------------ > > ServicePointManager.ServerCertificateValidationCallback = (sender, > cert, chain, ssl) => true; > > WebClient wc = new WebClient(); > string s = wc.DownloadString("http://cust.domain.com/verify"); > > //do some stuff with it > > ----------------------------------- > > (ok, so it's a LITTLE more than that - I set some headers to accept > XML, and set the timeout to around 30 seconds, and plug in a cookie > container) > > and on one customer, I'm getting this error back: > > Error getting response stream (Write: The authentication or decryption > has failed.): SendFailure > > However, I'm only getting it for this one customer, but he's getting > it on WIFI and 3G. > > The certificate is a wildcard one, tho it always has been.... Below is > a dump from curl which does exactly what I'm doing: > > * About to connect() to bigted.freeagent.com port 443 (#0) > * Trying 94.236.51.1... connected > * Connected to bigted.freeagent.com (94.236.51.1) port 443 (#0) > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1): > * SSLv3, TLS handshake, Server hello (2): > * SSLv3, TLS handshake, CERT (11): > * SSLv3, TLS handshake, Server key exchange (12): > * SSLv3, TLS handshake, Server finished (14): > * SSLv3, TLS handshake, Client key exchange (16): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSL connection using DHE-RSA-AES256-SHA > * Server certificate: > * subject: /O=*.freeagent.com/OU=Domain Control > Validated/CN=*.freeagent.com > * start date: 2011-04-18 10:53:44 GMT > * expire date: 2013-04-18 10:53:44 GMT > * subjectAltName: bigted.freeagent.com matched > * issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, > Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure > Certification Authority/serialNumber=07969287 > * SSL certificate verify ok. > * Server auth using Basic with user 'n...@fc.com' >> GET /verify HTTP/1.1 >> Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >> User-Agent: curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g >> zlib/1.2.3.3 libidn/1.8 libssh2/0.18 >> Host: bigted.freeagent.com >> Accept: application/xml >> Content-Type: application/xml >> > < HTTP/1.1 200 OK > < Server: nginx/1.0.6 > < Date: Mon, 19 Dec 2011 15:42:12 GMT > < Content-Type: application/xml; charset=utf-8 > < Transfer-Encoding: chunked > < Connection: keep-alive > < Status: 200 OK > < User-Id: 6309 > < User-Permission-Level: 8 > < Company-Type: UkLimitedCompany > < Company-Currency: GBP > < Company-Mileage-Unit: miles > < Cache-Control: no-cache > < X-UA-Compatible: IE=Edge,chrome=1 > < Set-Cookie: _freeagent_session=xxxxxxxxxxxxxxxxxx; > domain=.freeagent.com; path=/; expires=Mon, 19-Dec-2011 16:12:12 GMT; > secure; HttpOnly; max-age=1800 > < X-Runtime: 0.015869 > < X-Rev: 5aa7e9c > < X-Host: web3 > < > * Connection #0 to host bigted.freeagent.com left intact > * Closing connection #0 > * SSLv3, TLS alert, Client hello (1): > > Anyone (Sebastian?) got any ideas? > > Cheers > > Nic > -- > Nic Wise > t. +44 7788 592 806 | @fastchicken | http://www.linkedin.com/in/nicwise > b. http://www.fastchicken.co.nz/ > > Nearest Bus: find when the next bus is coming to your stop. > http://goo.gl/Vcz1p > mobileAgent (for FreeAgent): get your accounts in your pocket. > http://goo.gl/IuBU > Trip Wallet: Keep track of your budget on the go: http://goo.gl/ePhKa > London Bike App: Find the nearest Boris Bike, and get riding! > http://goo.gl/Icp2 > _______________________________________________ > MonoTouch mailing list > MonoTouch@lists.ximian.com > http://lists.ximian.com/mailman/listinfo/monotouch _______________________________________________ MonoTouch mailing list MonoTouch@lists.ximian.com http://lists.ximian.com/mailman/listinfo/monotouch