Bug 11703 - Mono.Security.X509Certificate.Hash does not support SHA2 digest algorithms, makes such certificates unusable with XSP
Summary: Mono.Security.X509Certificate.Hash does not support SHA2 digest algorithms, m...
Status: RESOLVED FIXED
Alias: None
Product: Class Libraries
Classification: Mono
Component: mscorlib ()
Version: master
Hardware: PC Linux
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2013-04-10 09:18 UTC by Mathias
Modified: 2013-05-21 16:35 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Mathias 2013-04-10 09:18:41 UTC
If I run a ASP.NET Webservice with apache and mod_mono and want to use a client certificate for TLS authentication which is signed using a digest algorithm from the SHA-2 family (SHA256/384/512), this fails. 
The following exception is logged in the apache error log:

System.ArgumentNullException: Argument cannot be null.
Parameter name: value
  at System.BitConverter.ToString (System.Byte[] value) [0x00000] in <filename unknown>:0 
  at Mono.WebServer.ModMonoWorkerRequest.IsCertificateValidForMono (System.Byte[] der) [0x00000] in <filename unknown>:0 
  at Mono.WebServer.ModMonoWorkerRequest.IsClientCertificateValid (System.Byte[] der) [0x00000] in <filename unknown>:0 
  at Mono.WebServer.ModMonoApplicationHost.ProcessRequest (Int32 reqId, System.String verb, System.String queryString, System.String path, System.String protocol, System.String localAddress, Int32 serverPort, System.String remoteAddress, Int32 remotePort, System.String remoteName, System.String[] headers, System.String[] headerValues, System.Object worker) [0x00000] in <filename unknown>:0 

I tried to trace the bug down, and found, that in the IsCertificateValidForMono method (https://github.com/mono/xsp/blob/master/src/Mono.WebServer.Apache/ModMonoWorkerRequest.cs#L311 ), there is a call to the method Mono.Security.X509Certificate.Hash, which should calculate a digest of the certificate. That method can be found here: https://github.com/mono/mono/blob/master/mcs/class/corlib/Mono.Security.X509/X509Certificate.cs#L285 It only creates hashes for certificates which are signed mit a MD5 or a SHA-1 hash, in all other cases it returns null.

This has quite serious security implications, as SHA-1 is not considered very secure for long time use anymore.
Comment 1 Sebastien Pouliot 2013-05-16 15:19:47 UTC
Can you provide us with certificates using those hash algorithms (for test cases) ? If so I'll add support for them.
Comment 2 Sebastien Pouliot 2013-05-16 19:54:55 UTC
nm, it's already supported in Mono.Security.dll (but the in the copy inside corlib). That change will soon be merged (for other reasons). I'll close the bug when it's done
Comment 3 Mathias 2013-05-17 03:53:31 UTC
If you still need the certificates, I'll provide them anyway.

Here is one signed with sha512WithRSAEncryption

-----BEGIN CERTIFICATE-----
MIICEzCCAZ2gAwIBAgIJAPiS2oivJYOjMA0GCSqGSIb3DQEBDQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTMwNTE3MDc1MDM0WhcNNDAxMDAyMDc1MDM0WjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOLg
Q99qT7Uw7eNwxMPulztq8jfv+FJ9OO0IOKA1GyRFxAU3a936f4JzRbIvDhNWN+xP
KnEfpTrZ77Ie0WX7r75/7uWfTX8k6AnoNUQT6pH7bS6+EXewfcMxxeHyA+lmZQID
AQABo1AwTjAdBgNVHQ4EFgQUkuuqagjsaluvT7+SJ1JSdvZgHzAwHwYDVR0jBBgw
FoAUkuuqagjsaluvT7+SJ1JSdvZgHzAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQ0FAANhADp2DvEAgHJ+gTLl4vm44aW0YxEhJDvn/2RBbtOjS+L429q4IbMooKni
+HNRDfc630EuJ0rlX+O4HnVX8XPi+OGu2DOZcZ7wLL9VkE6hP2itdZTMRQiz3Jad
IJdyuHqcXg==
-----END CERTIFICATE-----

And, for the sake of completeness, also one with ripemd160WithRSA:

-----BEGIN CERTIFICATE-----
MIICDTCCAZqgAwIBAgIJAKYqspeKwzSHMAoGBiskAwMBAgUAMEUxCzAJBgNVBAYT
AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn
aXRzIFB0eSBMdGQwHhcNMTMwNTE3MDc1MTE4WhcNNDAxMDAyMDc1MTE4WjBFMQsw
CQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJu
ZXQgV2lkZ2l0cyBQdHkgTHRkMHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAJQVGuEw
554eSxOCZ2fVCWT8NgfOOK4C+ryY7s8I1WEzav9ODoq55ptvuLBr8E0v5ypFo0eh
1QMsbABW0xzs2ZnYG/8D8XSs2iDQcVjXJ8AXmUMJ/VQDRE1RmQmauyJThwIDAQAB
o1AwTjAdBgNVHQ4EFgQUIVYZBXDoWvzjod0NHIuc3zkzonYwHwYDVR0jBBgwFoAU
IVYZBXDoWvzjod0NHIuc3zkzonYwDAYDVR0TBAUwAwEB/zAKBgYrJAMDAQIFAANh
AJNFfqbrjeA28Q3FwGGj9jbbcagFiosSraylNui+GPGNjkyMEEfo0okui0PCs3Bf
vw5pcVqGg8Y0SB4Qm73oR2b2l0wHXWQd5o6ptxD0wcnUXDu2gpIt7+dCOwm/U4m9
Cw==
-----END CERTIFICATE-----
Comment 4 Sebastien Pouliot 2013-05-17 10:19:02 UTC
Thanks! RIPEMD160 support is not present right now, but I'll look to add it.
Comment 5 Sebastien Pouliot 2013-05-21 16:35:18 UTC
Fixed in b9ca2e5f413a6eb1da64acd4ef5b073ed3799eb7 (added RIPEMD160 support and test for it, SHA256 and SHA512). That should be available in 3.0.11. Thanks!