> Wildcard certificates have been supported by Mono for quite some time > and since it's working for other people (right?) I think it's unlikely > to be related to certificate validation.
Just works for everyone BUT this one person. > Is there any way you can get the full exception ? that will confirm if > this occurs at negotiation time or later. I can try. I'm not logging it (but I should be!), so I'll see if I can get him a ad-hoc build with more of a dump in there. I hate unrepro-able bugs. :) thanks. Nic > > On Mon, Dec 19, 2011 at 10:45 AM, Nic Wise <[email protected]> wrote: >> Hi there >> >> I'm doing this in one of my apps: >> >> ------------------------ >> >> ServicePointManager.ServerCertificateValidationCallback = (sender, >> cert, chain, ssl) => true; >> >> WebClient wc = new WebClient(); >> string s = wc.DownloadString("http://cust.domain.com/verify";); >> >> //do some stuff with it >> >> ----------------------------------- >> >> (ok, so it's a LITTLE more than that - I set some headers to accept >> XML, and set the timeout to around 30 seconds, and plug in a cookie >> container) >> >> and on one customer, I'm getting this error back: >> >> Error getting response stream (Write: The authentication or decryption >> has failed.): SendFailure >> >> However, I'm only getting it for this one customer, but he's getting >> it on WIFI and 3G. >> >> The certificate is a wildcard one, tho it always has been.... Below is >> a dump from curl which does exactly what I'm doing: >> >> * About to connect() to bigted.freeagent.com port 443 (#0) >> * Trying 94.236.51.1... connected >> * Connected to bigted.freeagent.com (94.236.51.1) port 443 (#0) >> * successfully set certificate verify locations: >> * CAfile: none >> CApath: /etc/ssl/certs >> * SSLv3, TLS handshake, Client hello (1): >> * SSLv3, TLS handshake, Server hello (2): >> * SSLv3, TLS handshake, CERT (11): >> * SSLv3, TLS handshake, Server key exchange (12): >> * SSLv3, TLS handshake, Server finished (14): >> * SSLv3, TLS handshake, Client key exchange (16): >> * SSLv3, TLS change cipher, Client hello (1): >> * SSLv3, TLS handshake, Finished (20): >> * SSLv3, TLS change cipher, Client hello (1): >> * SSLv3, TLS handshake, Finished (20): >> * SSL connection using DHE-RSA-AES256-SHA >> * Server certificate: >> * subject: /O=*.freeagent.com/OU=Domain Control >> Validated/CN=*.freeagent.com >> * start date: 2011-04-18 10:53:44 GMT >> * expire date: 2013-04-18 10:53:44 GMT >> * subjectAltName: bigted.freeagent.com matched >> * issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, >> Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure >> Certification Authority/serialNumber=07969287 >> * SSL certificate verify ok. >> * Server auth using Basic with user '[email protected]' >>> GET /verify HTTP/1.1 >>> Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> User-Agent: curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g >>> zlib/1.2.3.3 libidn/1.8 libssh2/0.18 >>> Host: bigted.freeagent.com >>> Accept: application/xml >>> Content-Type: application/xml >>> >> < HTTP/1.1 200 OK >> < Server: nginx/1.0.6 >> < Date: Mon, 19 Dec 2011 15:42:12 GMT >> < Content-Type: application/xml; charset=utf-8 >> < Transfer-Encoding: chunked >> < Connection: keep-alive >> < Status: 200 OK >> < User-Id: 6309 >> < User-Permission-Level: 8 >> < Company-Type: UkLimitedCompany >> < Company-Currency: GBP >> < Company-Mileage-Unit: miles >> < Cache-Control: no-cache >> < X-UA-Compatible: IE=Edge,chrome=1 >> < Set-Cookie: _freeagent_session=xxxxxxxxxxxxxxxxxx; >> domain=.freeagent.com; path=/; expires=Mon, 19-Dec-2011 16:12:12 GMT; >> secure; HttpOnly; max-age=1800 >> < X-Runtime: 0.015869 >> < X-Rev: 5aa7e9c >> < X-Host: web3 >> < >> * Connection #0 to host bigted.freeagent.com left intact >> * Closing connection #0 >> * SSLv3, TLS alert, Client hello (1): >> >> Anyone (Sebastian?) got any ideas? >> >> Cheers >> >> Nic >> -- >> Nic Wise >> t. +44 7788 592 806 | @fastchicken | http://www.linkedin.com/in/nicwise >> b. http://www.fastchicken.co.nz/ >> >> Nearest Bus: find when the next bus is coming to your stop. >> http://goo.gl/Vcz1p >> mobileAgent (for FreeAgent): get your accounts in your pocket. >> http://goo.gl/IuBU >> Trip Wallet: Keep track of your budget on the go: http://goo.gl/ePhKa >> London Bike App: Find the nearest Boris Bike, and get riding! >> http://goo.gl/Icp2 >> _______________________________________________ >> MonoTouch mailing list >> [email protected] >> http://lists.ximian.com/mailman/listinfo/monotouch -- Nic Wise t. +44 7788 592 806 | @fastchicken | http://www.linkedin.com/in/nicwise b. http://www.fastchicken.co.nz/ Nearest Bus: find when the next bus is coming to your stop. http://goo.gl/Vcz1p mobileAgent (for FreeAgent): get your accounts in your pocket. http://goo.gl/IuBU Trip Wallet: Keep track of your budget on the go: http://goo.gl/ePhKa London Bike App: Find the nearest Boris Bike, and get riding! http://goo.gl/Icp2 _______________________________________________ MonoTouch mailing list [email protected] http://lists.ximian.com/mailman/listinfo/monotouch
