Bug 12381 - Unable to load an HTTPS url : The authentication or decryption has failed
Summary: Unable to load an HTTPS url : The authentication or decryption has failed
Status: RESOLVED FIXED
Alias: None
Product: Android
Classification: Xamarin
Component: BCL Class Libraries ()
Version: 4.7.x
Hardware: PC Windows
: Normal normal
Target Milestone: ---
Assignee: Jonathan Pryor
URL:
: 12269 12428 12520 ()
Depends on:
Blocks:
 
Reported: 2013-05-24 05:27 UTC by softlion
Modified: 2014-01-14 08:42 UTC (History)
9 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description softlion 2013-05-24 05:27:40 UTC
It works ok in version 4.7.0000

Steps to reproduce:

string url = "https://fbcdn-profile-a.akamaihd.net/hprofile-ak-prn2/203171_1504448214_889230323_q.jpg";

ServicePointManager.ServerCertificateValidationCallback = (s, cert, chain, policy) => true;
var task = new WebClient().DownloadDataTaskAsync(url).ContinueWith(t =>
{
  if(t.Status == TaskStatus.Faulted)
     ....; //The status is always faulted in 4.7.05184
}, TaskScheduler.FromCurrentSynchronizationContext());




E/S&T     (28000): async call failed (Fb Download Picture)
E/S&T     (28000): System.AggregateException:  ---> System.Net.WebException: Err
or getting response stream (Write: The authentication or decryption has failed.)
: SendFailure ---> System.IO.IOException: The authentication or decryption has f
ailed. ---> System.NullReferenceException: Object reference not set to an instan
ce of an object
E/S&T     (28000):   at Mono.Security.Protocol.Tls.CipherSuite.createEncryptionC
ipher () [0x00000] in <filename unknown>:0
E/S&T     (28000):   at Mono.Security.Protocol.Tls.CipherSuite.InitializeCipher
() [0x00000] in <filename unknown>:0
E/S&T     (28000):   at Mono.Security.Protocol.Tls.SslClientStream.OnNegotiateHa
ndshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
E/S&T     (28000):   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeC
allback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
E/S&T     (28000):   --- End of inner exception stack trace ---
E/S&T     (28000):   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeC
allback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
E/S&T     (28000):   --- End of inner exception stack trace ---
E/S&T     (28000):   at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult a
syncResult) [0x00000] in <filename unknown>:0
E/S&T     (28000):   at System.Threading.Tasks.TaskFactory`1[System.Net.WebRespo
nse].InnerInvoke (System.Threading.Tasks.TaskCompletionSource`1 tcs, System.Func
`2 endMethod, IAsyncResult l) [0x00000] in <filename unknown>:0
E/S&T     (28000): --- End of stack trace from previous location where exception
 was thrown ---
E/S&T     (28000):   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.T
hrow () [0x00000] in <filename unknown>:0
E/S&T     (28000):   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`
1+ConfiguredTaskAwaiter[System.Net.WebResponse].GetResult () [0x00000] in <filen
ame unknown>:0
E/S&T     (28000):   at System.Net.WebClient+<GetWebResponseTaskAsync>c__asyncA.
MoveNext () [0x00000] in <filename unknown>:0
E/S&T     (28000): --- End of stack trace from previous location where exception
 was thrown ---
E/S&T     (28000):   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.T
hrow () [0x00000] in <filename unknown>:0
E/S&T     (28000):   at System.Runtime.CompilerServices.TaskAwaiter`1[System.Net
.WebResponse].GetResult () [0x00000] in <filename unknown>:0
E/S&T     (28000):   at System.Net.WebClient+<DownloadDataTaskAsync>c__async8.Mo
veNext () [0x00000] in <filename unknown>:0
E/S&T     (28000):   --- End of inner exception stack trace ---
E/S&T     (28000):  --> (Inner exception 0) System.Net.WebException: Error getti
ng response stream (Write: The authentication or decryption has failed.): SendFa
ilure ---> System.IO.IOException: The authentication or decryption has failed. -
--> System.NullReferenceException: Object reference not set to an instance of an
 object
E/S&T     (28000):   at Mono.Security.Protocol.Tls.CipherSuite.createEncryptionC
ipher () [0x00000] in <filename unknown>:0
E/S&T     (28000):   at Mono.Security.Protocol.Tls.CipherSuite.InitializeCipher
() [0x00000] in <filename unknown>:0
E/S&T     (28000):   at Mono.Security.Protocol.Tls.SslClientStream.OnNegotiateHa
ndshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
E/S&T     (28000):   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeC
allback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
E/S&T     (28000):   --- End of inner exception stack trace ---
E/S&T     (28000):   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeC
allback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
E/S&T     (28000):   --- End of inner exception stack trace ---
E/S&T     (28000):   at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult a
syncResult) [0x00000] in <filename unknown>:0
E/S&T     (28000):   at System.Threading.Tasks.TaskFactory`1[System.Net.WebRespo
nse].InnerInvoke (System.Threading.Tasks.TaskCompletionSource`1 tcs, System.Func
`2 endMethod, IAsyncResult l) [0x00000] in <filename unknown>:0
E/S&T     (28000): --- End of stack trace from previous location where exception
 was thrown ---
E/S&T     (28000):   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.T
hrow () [0x00000] in <filename unknown>:0
E/S&T     (28000):   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`
1+ConfiguredTaskAwaiter[System.Net.WebResponse].GetResult () [0x00000] in <filen
ame unknown>:0
E/S&T     (28000):   at System.Net.WebClient+<GetWebResponseTaskAsync>c__asyncA.
MoveNext () [0x00000] in <filename unknown>:0
E/S&T     (28000): --- End of stack trace from previous location where exception
 was thrown ---
Comment 1 Miguel de Icaza [MSFT] 2013-05-27 06:23:22 UTC
Perhaps a recent change in Mono/master?
Comment 2 Sebastien Pouliot 2013-05-27 08:02:58 UTC
Possible, we switched from using Rijndael to Aes recently (same algorithm, Aes being a smaller implementation and a much faster one on iOS).

Is 4.7.05184 the your current, failing, version ? 

I need to track which exact mono version is being used by your release.
Comment 3 softlion 2013-05-27 12:52:01 UTC
This bug appears on latest alpha on alpha channel:
mono-android-4.7.05184 from may 23.

On my laptop i stayed with the previous version, and compiled the same code, and it works ok.
Comment 4 Sebastien Pouliot 2013-05-27 13:14:48 UTC
The same (shared mono) code works nicely on iOS, i.e 

    t.Status == System.Threading.Tasks.TaskStatus.RanToCompletion

@jonp I don't see a tag for any 4.7.5 release ? can you tell me which mono/master revision was used to build it 4.7.05184 ?

I suspect it could be between [1] and [2]. [1] had a short lived typo but it would match the stack trace.

[1] 0bf408eec06e752b21885fe9d1890d35f036805c
[2] 93fb13c44a58a67f070d26ce0deb3d240f2fa4bb
Comment 5 Sebastien Pouliot 2013-05-29 10:33:41 UTC
The issue might* be that:

a) Aes.Create does:

			return Create ("System.Security.Cryptography.AesCryptoServiceProvider, " + Consts.AssemblySystem_Core);

b) Android's System.Core includes AesManaged only, not AesCryptoServiceProvider so the call will fail /  return null;

c) Recent change for SSL/TLS uses Aes.Create, not Rijndael.Create, because it's smaller (less code since support for 192 and 256 block sizes are removed) and much faster (at least for iOS since it's accelerated by CommonCrypto).

* it's at least part of the issue (and needs to be fixed).
Comment 6 Jonathan Pryor 2013-05-29 13:27:12 UTC
@spouliot: The 4.7.5 release tag is monodroid-4.7.5. :-)

The mono revision is f956a83b65670179cd3d344abb6bdceac29e22fe.

Regarding (b), how does Xamarin.iOS include AesCryptoServiceProvider? It's not in mobile_System.Core.dll.sources:

https://github.com/mono/mono/blob/master/mcs/class/System.Core/mobile_System.Core.dll.sources
Comment 7 Sebastien Pouliot 2013-05-29 13:48:50 UTC
> @spouliot: The 4.7.5 release tag is monodroid-4.7.5. :-)

Make sense, but that tag (and others) did not exist when I asked ;-)

> how does Xamarin.iOS include AesCryptoServiceProvider?

It does not [1]. We can't load code dynamically with iOS so we're bypassing CryptoConfig [2] (when FULL_AOT_RUNTIME is defined) and the iOS linker makes sure AesManaged is available (in System.Core.dll) if Aes is preserved (in mscorlib.dll).

AesManaged was used (for FULL_AOT_RUNTIME) because it's was already in the mobile profile (and it did not make sense to duplicate the code). OTOH AesCryptoServiceProvider is needed for compatibility with MS .NET (yes there are differences in what's supported between them, e.g. CFB8 mode) so it needs to stay for the desktop.


[1] but it should at some point because mobile's System.Core public API differs from the 4.5 profile (but that's another issue/task)

[2] https://github.com/mono/mono/blob/master/mcs/class/System.Core/System.Security.Cryptography/Aes.cs
Comment 8 Sebastien Pouliot 2013-05-29 13:54:03 UTC
So f956a83b65670179cd3d344abb6bdceac29e22fe is after my typo fix.

If Aes.Create() presently returns null on Android then it's the real issue, solving it should fix the SSL NRE (when AES is being used).
Comment 9 Sebastien Pouliot 2013-06-02 11:30:00 UTC
-> jonp

Let me know if there are further SSL issues once Aes.Create returns non-null (and test it in a linked app).
Comment 10 Gerry 2013-06-04 17:36:16 UTC
As a side note I reported this as a bug as well : Bug #12428.  It is still broken in 4.7.6.

My call is a WebRequest.Create(url), etc. but the callback stack is identical.

In the meantime I've had to drop back to non-SSL to move forward.

Gerry
Comment 11 Jonathan Pryor 2013-06-04 19:37:05 UTC
*** Bug 12428 has been marked as a duplicate of this bug. ***
Comment 12 Jonathan Pryor 2013-06-04 19:37:15 UTC
*** Bug 12269 has been marked as a duplicate of this bug. ***
Comment 13 Jonathan Pryor 2013-06-04 22:05:52 UTC
*** Bug 12520 has been marked as a duplicate of this bug. ***
Comment 14 Jonathan Pryor 2013-06-04 22:06:12 UTC
Fixed in monodroid/5ca3cb4b.
Comment 16 Jonathan Pryor 2013-08-14 14:24:02 UTC
@Malcolm: This issue was due to "re-basing" Xamarin.Android atop Mono 3.0 from Mono 2.10. Xamarin.Mac is currently still based on Mono 2.10 (a rebase atop 3.0 is forthcoming).

Please file a new bug for Xamarin.Mac-specific issues.
Comment 18 fwaris 2014-01-09 10:31:51 UTC
I am also seeing this error in the latest alpha (on Android).

Note that the program works fine on Debug build but fails only in Release mode.

I have a tiny app that reproduces this error.

The exception in release mode is:

Error getting response stream (Write: The authentication or decryption has failed.): SendFailure
  at System.Net.HttpWebRequest.EndGetRequestStream (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 
  at System.Net.HttpWebRequest.GetRequestStream () [0x00000] in <filename unknown>:0 
  at System.Net.WebClient.UploadValuesCore (System.Uri uri, System.String method, System.Collections.Specialized.NameValueCollection data, System.Object userToken) [0x00000] in <filename unknown>:0 
  at System.Net.WebClient.UploadValues (System.Uri address, System.String method, System.Collections.Specialized.NameValueCollection data) [0x00000] in <filename unknown>:0 
The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 
Object reference not set to an instance of an object
  at Mono.Security.Protocol.Tls.CipherSuite.createEncryptionCipher () [0x00000] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.CipherSuite.InitializeCipher () [0x00000] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.OnNegotiateHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
Comment 19 Gerry 2014-01-09 11:03:37 UTC
fwaris--I posted this in the forums last week on a workaround for this.

http://forums.xamarin.com/discussion/comment/39410/#Comment_39410

As a side note, it seems like this bug has reared it's head multiple times over the last few years...
Comment 20 Redth 2014-01-14 08:42:44 UTC
I just got bit by this one in the latest Alpha of Xamarin.Android (4.11.0).  Seems that System.Security.Cryptography.AesCryptoServiceProvider is being stripped out by the linker as the issue does not happen in Debug (with linking turned off)... 

The fix @Gerry suggested works, so it seems the linker just needs to be adjusted to not strip this out...