某些HTTPS域以单声道方式失败

时间:2016-02-09 21:22:21

标签: c# ssl mono certificate x509certificate

我有一些HTTPS域,无论我做什么,Mono都无法加载内容。

我正在OSX 10.11.X上编译并运行以下代码

using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class MainClass
{
    public static bool Validator (object sender, X509Certificate certificate, X509Chain chain,
                                      SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }

    public static void Main (string[] args)
    {
        ServicePointManager.ServerCertificateValidationCallback = Validator;
        WebRequest wr = WebRequest.Create (args [0]);
        Stream stream = wr.GetResponse ().GetResponseStream ();
        Console.WriteLine (new StreamReader (stream).ReadToEnd ());
    }
}

使用以下命令编译代码

mcs test.cs /r:System.dll /r:Mono.Security.dll

并通过例如调用http s://davidwalsh.name

执行 
mono tlstest.exe https://davidwalsh.name

即使我确定接受任何证书

,它也会失败并显示此消息 
Unhandled Exception:
System.Net.WebException: Error: SendFailure (Error writing headers) ---> System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x37e5fb8 + 0x000e3> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x37e5f10 + 0x0001f> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x37da130 + 0x0019b> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at System.Net.WebConnection.EndWrite (System.Net.HttpWebRequest request, Boolean throwOnError, IAsyncResult result) <0x37e7408 + 0x00183> in <filename unknown>:0
  at System.Net.WebConnectionStream+<SetHeadersAsync>c__AnonStorey1.<>m__0 (IAsyncResult r) <0x37e6e50 + 0x000eb> in <filename unknown>:0
  --- End of inner exception stack trace ---
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) <0x1e97358 + 0x00187> in <filename unknown>:0
  at System.Net.HttpWebRequest.GetResponse () <0x1e8c208 + 0x0004c> in <filename unknown>:0
  at MainClass.Main (System.String[] args) <0x727f88 + 0x00082> in <filename unknown>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.Net.WebException: Error: SendFailure (Error writing headers) ---> System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x37e5fb8 + 0x000e3> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x37e5f10 + 0x0001f> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x37da130 + 0x0019b> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at System.Net.WebConnection.EndWrite (System.Net.HttpWebRequest request, Boolean throwOnError, IAsyncResult result) <0x37e7408 + 0x00183> in <filename unknown>:0
  at System.Net.WebConnectionStream+<SetHeadersAsync>c__AnonStorey1.<>m__0 (IAsyncResult r) <0x37e6e50 + 0x000eb> in <filename unknown>:0
  --- End of inner exception stack trace ---
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) <0x1e97358 + 0x00187> in <filename unknown>:0
  at System.Net.HttpWebRequest.GetResponse () <0x1e8c208 + 0x0004c> in <filename unknown>:0
  at MainClass.Main (System.String[] args) <0x727f88 + 0x00082> in <filename unknown>:0

mozroots --import --ask-remove没有帮助,无论如何都会抛出异常。

我还有一些其他HTTPS域也失败了:

  • http s://christian.panton.org
  • http s://penny-arcade.com
  • http s://rigeligtsmor.dk

我似乎无法找到一个关于为什么这些域名失败的模式,即使我已经把所有东西都拿走了。

我查看了http://www.mono-project.com/docs/faq/security/http://www.mono-project.com/archived/usingtrustedrootsrespectfully/,然后用Google搜索了网络,到目前为止还没有发现。

我最接近的是http://stackoverflow.com/questions/9733750/mono-certificate-issue-with-https-httpwebrequest,但这是* nix而不是OSX。类似的帖子http://answers.unity3d.com/questions/792342/how-to-validate-ssl-certificates-when-using-httpwe.html和http://stackoverflow.com/questions/4926676/mono-webrequest-失败与 - HTTPS

小程序在Windows上运行正常,这是因为Windows拥有我需要的所有根证书。

也许有些人知道这个问题的解决方案,但我觉得没有人知道如何解决这个问题。

1 个答案:

答案 0 :(得分:0)

您列出的所有域名都失败,需要Server Name Indication (SNI)。我猜你Mono的未知版本还没有支持SNI。如果是这种情况,只添加一些CA证书将无济于事,因为此问题与证书验证无关。

根据this bugreport Mono应该至少从版本3.0.10开始支持SNI,但不能在2.x中支持,这样你就可以检查你正在运行的版本。

相关问题
最新问题