Re: [Mono-dev] About System.Net.Security.SslStream

2008-11-21 Thread Vladimir Giszpenc
> > I would like to reiterate my request for a binding to nss.
> >
> > I realize demand is not high, I just want every vote counted :).
>
> IMO if you want your vote to count then you should open a bug report*
> (severity Enhancement) otherwise it will just stay noise on the
> mailing-list.

As you know I filed the enhancement
https://bugzilla.novell.com/show_bug.cgi?id=444291, but I don't think
that noise is all that useless.

Fedora is going to try to standardize on NSS.
http://fedoraproject.org/wiki/FedoraCryptoConsolidation

NSS will be part of LSB 4.0.  In other words, yes Linux is great and diverse, 
but there will be a standard.  http://ldn.linuxfoundation.org/node/5576 and 
probably elsewhere...

I just don't want mono to be overlooked when it comes to writing standard 
secure software on Linux.  Apparently, Red Hat and Sun have a lot of clout and 
can make their nss the Linux standard.  It would not be farfetched for 
(Open)SuSE, Debian/*Buntu, etc to also migrate to using NSS.  If I were on the 
appropriate mailing lists, I would certainly advocate for it there as well.

I miss the Linux Hater.  He would have my back... :)

Vlad



___
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list


Re: [Mono-dev] About System.Net.Security.SslStream

2008-11-12 Thread Vladimir Giszpenc
Sebastien,


> On Tue, 2008-11-11 at 15:12 +0800, 陈醒 wrote:
> > Hello! I'm using mono 1.9.2 and trying to write a small program using
> > SslStream. The program runs as server side program.
> >
> > I found if I write the program as
> >     serverCertificate = X509Certificate.CreateFromCertFile(certificate);
> >     SslStream sslStream = new SslStream(
> >         client.GetStream()
> >     );
> >     sslStream.AuthenticateAsServer(serverCertificate,
> >         false, SslProtocols.Tls, true);
> >
> > I will get a Server certificate Private Key unavailable error.
>
> This depends on which type of certificate file you're providing the
> X509Certificate ctor and the framework version you're using (I assume
> 2.9 since you're using SslStream).
>
> A typical .cer does not have a private key inside it so it won't work.
> Using a PKCS#12 file, containing a certificate and a private key, will
> work.
>
> The main difference is not the framework but the fact that
> Windows CryptoAPI defines relations between certificates and
> keys (when persisted) and allows code to find a private key
> when you supply a certificate (even if it's not loaded from a
> certificate store). No such facility exists under Linux.

I would like to reiterate my request for a binding to nss.  I believe
that such a binding would provide the capability sought here.

I realize demand is not high, I just want every vote counted :).

Cheers,

Vlad


Re: [Mono-dev] About System.Net.Security.SslStream

2008-11-12 Thread Sebastien Pouliot
On Wed, 2008-11-12 at 10:46 -0500, Vladimir Giszpenc wrote:
> Sebastien,
>
> > On Tue, 2008-11-11 at 15:12 +0800, 陈醒 wrote:
> > > Hello! I'm using mono 1.9.2 and trying to write a small program using
> > > SslStream. The program runs as server side program.
> > >
> > > I found if I write the program as
> > >     serverCertificate = X509Certificate.CreateFromCertFile(certificate);
> > >     SslStream sslStream = new SslStream(
> > >         client.GetStream()
> > >     );
> > >     sslStream.AuthenticateAsServer(serverCertificate,
> > >         false, SslProtocols.Tls, true);
> > >
> > > I will get a Server certificate Private Key unavailable error.
> >
> > This depends on which type of certificate file you're providing the
> > X509Certificate ctor and the framework version you're using (I assume
> > 2.9 since you're using SslStream).
> >
> > A typical .cer does not have a private key inside it so it won't work.
> > Using a PKCS#12 file, containing a certificate and a private key, will
> > work.
> >
> > The main difference is not the framework but the fact that
> > Windows CryptoAPI defines relations between certificates and
> > keys (when persisted) and allows code to find a private key
> > when you supply a certificate (even if it's not loaded from a
> > certificate store). No such facility exists under Linux.
>
> I would like to reiterate my request for a binding to nss.

Well you asked for NSS bindings to get FIPS140 support which is *very*
different than asking for NSS certificate support (that is not covered
by FIPS140).

Now I admit I have (long ago) been thinking/planning how cryptographic
bindings could be added to Mono (e.g. Crimson) but this *never* extended
to X509 support (since that part of the FX is not much extensible, nor
replaceable).

> I believe
> that such a binding would provide the capability sought here.

Nice try ;-) but it would not help since the real problem is in the MS
API design (which depends on CryptoAPI behavior). 

Adding a binding to NSS would only provide another, different, API that
can do something better - just like we already provide another API
(inside Mono.Security) that does the job like people would expect.
I.e. the capability already exists, the MS API just makes it hard (but
not impossible) to fit it in.

> I realize demand is not high, I just want every vote counted :).

IMO if you want your vote to count then you should open a bug report*
(severity Enhancement) otherwise it will just stay noise on the
mailing-list. 

Sebastien

* but be careful what you wish for! because extending your original
request to get more votes only makes the project scope larger and less
likely that anyone will be interested in its (full) implementation
(imagine if some cool hacker only implemented NSS bindings for X.509
certificates ;-)




Re: [Mono-dev] About System.Net.Security.SslStream

2008-11-12 Thread 陈醒
2008/11/11 Sebastien Pouliot [EMAIL PROTECTED]:

> This depends on which type of certificate file you're providing the
> X509Certificate ctor and the framework version you're using (I assume
> 2.9 since you're using SslStream).
>
> A typical .cer does not have a private key inside it so it won't work.
> Using a PKCS#12 file, containing a certificate and a private key, will
> work.

Thanks very much, SslStream works after I create a PKCS#12 file.

> Certainly in what sense ? you tried it ? Google a bit and you'll see
> that many people use Mono.Security.dll under Windows - the assembly is
> fully managed and will run everywhere.

Sorry, I mean running it without installing mono. I just think it will
be better for end users in Windows if they can run the program with
little 'addons' installed. SslStream does, thank you very much.


Creating Chinese-language Linux documentation wiki-style; you are welcome to join
http://www.linux-wiki.cn/


Re: [Mono-dev] About System.Net.Security.SslStream

2008-11-11 Thread Sebastien Pouliot
On Tue, 2008-11-11 at 15:12 +0800, 陈醒 wrote:
> Hello! I'm using mono 1.9.2 and trying to write a small program using
> SslStream. The program runs as server side program.
>
> I found if I write the program as
>     serverCertificate = X509Certificate.CreateFromCertFile(certificate);
>     SslStream sslStream = new SslStream(
>         client.GetStream()
>     );
>     sslStream.AuthenticateAsServer(serverCertificate,
>         false, SslProtocols.Tls, true);
>
> I will get a Server certificate Private Key unavailable error.

This depends on which type of certificate file you're providing the
X509Certificate ctor and the framework version you're using (I assume
2.9 since you're using SslStream).

A typical .cer does not have a private key inside it so it won't work.
Using a PKCS#12 file, containing a certificate and a private key, will
work.

The main difference is not the framework but the fact that
Windows CryptoAPI defines relations between certificates and
keys (when persisted) and allows code to find a private key
when you supply a certificate (even if it's not loaded from a
certificate store). No such facility exists under Linux.

> But if I use SslServerStream provided by Mono.Security and prepare a
> pvk file and do as the monodoc says, it works. But certainly the
> program won't run in .net framework.

Certainly in what sense ? you tried it ? Google a bit and you'll see
that many people use Mono.Security.dll under Windows - the assembly is
fully managed and will run everywhere.

> Is it because the developing of SslStream not finished or is it a bug
> of SslStream? Is there any way to write a program works with better
> compatibility? Thanks.

With the information you provided it looks like configuration issue to
me, not a bug. Try the above (and google the subject) and you should be
ok soon. If not then please file a bug report with a full sample of what
you're doing.

Sebastien
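
Added example, not part of the original message or of Mono's own code: a server that loads a PKCS#12 file as suggested above and checks for the private key before calling AuthenticateAsServer, so a certificate-only file fails at load time with a clear message. The class name, the environment variable SERVER_P12_PASSWORD, the port and the use of SslProtocols.Tls12 (the thread used SslProtocols.Tls) are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsServerExample // hypothetical name
{
    // Load the server identity and refuse to continue without a private key.
    static X509Certificate2 LoadServerIdentity(string path, string password)
    {
        // PKCS#12 (.p12/.pfx) carries certificate and private key together;
        // a plain .cer carries only the certificate (public part).
        var cert = new X509Certificate2(path, password);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                path + " contains no private key; use a PKCS#12 file, not a .cer");
        return cert;
    }

    static void Main(string[] args)
    {
        // Assumed inputs: args[0] is the PKCS#12 path; the password comes from
        // the environment (hypothetical variable name), not from source code.
        string password = Environment.GetEnvironmentVariable("SERVER_P12_PASSWORD");
        X509Certificate2 serverCertificate = LoadServerIdentity(args[0], password);

        var listener = new TcpListener(IPAddress.Loopback, 8443); // constructed port
        listener.Start();
        using (TcpClient client = listener.AcceptTcpClient())
        using (var sslStream = new SslStream(client.GetStream(), false))
        {
            try
            {
                // Same call shape as in the question; no client certificate
                // required, revocation checking enabled.
                sslStream.AuthenticateAsServer(
                    serverCertificate, false, SslProtocols.Tls12, true);
                Console.WriteLine("Handshake OK, protocol: " + sslStream.SslProtocol);
            }
            catch (AuthenticationException e)
            {
                Console.Error.WriteLine("TLS handshake rejected: " + e.Message);
            }
            catch (IOException e)
            {
                Console.Error.WriteLine("Connection dropped during handshake: " + e.Message);
            }
        }
        listener.Stop();
    }
}
```

A PKCS#12 file can be produced from a PEM certificate and key with `openssl pkcs12 -export -in cert.pem -inkey key.pem -out server.p12`.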



[Mono-dev] About System.Net.Security.SslStream

2008-11-10 Thread 陈醒
Hello! I'm using mono 1.9.2 and trying to write a small program using
SslStream. The program runs as server side program.

I found if I write the program as
    serverCertificate = X509Certificate.CreateFromCertFile(certificate);
    SslStream sslStream = new SslStream(
        client.GetStream()
    );
    sslStream.AuthenticateAsServer(serverCertificate,
        false, SslProtocols.Tls, true);

I will get a Server certificate Private Key unavailable error.

But if I use SslServerStream provided by Mono.Security and prepare a
pvk file and do as the monodoc says, it works. But certainly the
program won't run in .net framework.

Is it because the developing of SslStream not finished or is it a bug
of SslStream? Is there any way to write a program works with better
compatibility? Thanks.


Creating Chinese-language Linux documentation wiki-style; you are welcome to join
http://www.linux-wiki.cn/