Bug 19010 - X509Chain: NullReferenceException & Badly encoded extension.
Summary: X509Chain: NullReferenceException & Badly encoded extension.
Status: RESOLVED NORESPONSE
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Security ()
Version: master
Hardware: Macintosh Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2014-04-13 07:43 UTC by henrik
Modified: 2018-03-13 11:07 UTC (History)
3 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED NORESPONSE

Description henrik 2014-04-13 07:43:56 UTC
In short, building a X509 certificate chain doesn't always work. I'm running the example HttpServer from miTLS, which is multi-threaded, so this might be a number of race conditions. From the 'badly encoded extension', it might even be a linker or memory corruption error: but I'm not the best person to ask.

Please see the attached discussion for more contextual details, discussion and links into source code that you can reproduce the error with.

https://github.com/mono/mono/commit/23865f09ed930067d50f73cedc4ee8b363d9d084#commitcomment-5994638

StackTraces:

System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Badly encoded extension.
  at System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension.get_SubjectKeyIdentifier () [0x0003c] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SubjectKeyIdentifierExtension.cs:155 
  at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.Find (X509FindType findType, System.Object findValue, Boolean validOnly) [0x00369] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2Collection.cs:266 
  at System.Security.Cryptography.X509Certificates.X509Chain.FindParent (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x0002d] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:427 
  at System.Security.Cryptography.X509Certificates.X509Chain.BuildChainFrom (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00011] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:366 
  at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00017] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:119 
  --- End of inner exception stack trace ---

And 

System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unable to decode public key. ---> System.NullReferenceException: Object reference not set to an instance of an object
  at System.Security.Cryptography.X509Certificates.PublicKey..ctor (Mono.Security.X509.X509Certificate certificate) [0x000e0] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/PublicKey.cs:108 
  at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PublicKey () [0x00021] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs:266 
  --- End of inner exception stack trace ---
  at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PublicKey () [0x00043] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs:270 
  at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x00085] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:539 
  at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x0002c] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:475 
  at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x0001f] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:120 
  --- End of inner exception stack trace ---
  at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x0002c] in /Volumes/build-root-ramdisk/mono-3.4.0/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:123 
  at Cert.x509_verify (System.Security.Cryptography.X509Certificates.X509Certificate2 x509) [0x00013] in /Users/xyz/dev/_vendor/suave/libs/miTLS/src/lib/Cert.fs:126 
  at Cert+x509@205-5.Invoke (System.Security.Cryptography.X509Certificates.X509Certificate2 x509) [0x00000] in /Users/xyz/dev/_vendor/suave/libs/miTLS/src/lib/Cert.fs:205 
  at Microsoft.FSharp.Collections.IEnumerator.next@185[X509Certificate2] (Microsoft.FSharp.Core.FSharpFunc`2 f, IEnumerator`1 e, Microsoft.FSharp.Core.FSharpRef`1 started, Microsoft.FSharp.Core.Unit unitVar0) [0x00009] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:186 
  at Microsoft.FSharp.Collections.IEnumerator+filter@180[System.Security.Cryptography.X509Certificates.X509Certificate2].System-Collections-IEnumerator-MoveNext () [0x00000] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:185 
  at Microsoft.FSharp.Collections.IEnumerator.next@185[X509Certificate2] (Microsoft.FSharp.Core.FSharpFunc`2 f, IEnumerator`1 e, Microsoft.FSharp.Core.FSharpRef`1 started, Microsoft.FSharp.Core.Unit unitVar0) [0x00009] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:186 
  at Microsoft.FSharp.Collections.IEnumerator+filter@180[System.Security.Cryptography.X509Certificates.X509Certificate2].System-Collections-IEnumerator-MoveNext () [0x00000] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:185 
  at Microsoft.FSharp.Collections.IEnumerator.next@185[X509Certificate2] (Microsoft.FSharp.Core.FSharpFunc`2 f, IEnumerator`1 e, Microsoft.FSharp.Core.FSharpRef`1 started, Microsoft.FSharp.Core.Unit unitVar0) [0x00009] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:186 
  at Microsoft.FSharp.Collections.IEnumerator+filter@180[System.Security.Cryptography.X509Certificates.X509Certificate2].System-Collections-IEnumerator-MoveNext () [0x00000] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:185 
  at Microsoft.FSharp.Collections.IEnumerator.next@185[X509Certificate2] (Microsoft.FSharp.Core.FSharpFunc`2 f, IEnumerator`1 e, Microsoft.FSharp.Core.FSharpRef`1 started, Microsoft.FSharp.Core.Unit unitVar0) [0x00009] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:186 
  at Microsoft.FSharp.Collections.IEnumerator+filter@180[System.Security.Cryptography.X509Certificates.X509Certificate2].System-Collections-IEnumerator-MoveNext () [0x00000] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:185 
  at Microsoft.FSharp.Collections.IEnumerator.next@185[X509Certificate2] (Microsoft.FSharp.Core.FSharpFunc`2 f, IEnumerator`1 e, Microsoft.FSharp.Core.FSharpRef`1 started, Microsoft.FSharp.Core.Unit unitVar0) [0x00009] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:186 
  at Microsoft.FSharp.Collections.IEnumerator+filter@180[System.Security.Cryptography.X509Certificates.X509Certificate2].System-Collections-IEnumerator-MoveNext () [0x00000] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:185 
  at Microsoft.FSharp.Collections.SeqModule.TryPick[X509Certificate2,X509Certificate2] (Microsoft.FSharp.Core.FSharpFunc`2 chooser, IEnumerable`1 source) [0x00020] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:970 
  at Microsoft.FSharp.Collections.SeqModule.Pick[X509Certificate2,X509Certificate2] (Microsoft.FSharp.Core.FSharpFunc`2 chooser, IEnumerable`1 source) [0x00000] in /Volumes/build-root-ramdisk/fsharp-fsharp-ada9d13/src/fsharp/FSharp.Core/seq.fs:977 
  at Cert.for_key_encryption (Microsoft.FSharp.Collections.FSharpList`1 sigkeyalgs, System.String h) [0x00012] in /Users/xyz/dev/_vendor/suave/libs/miTLS/src/lib/Cert.fs:202
Comment 1 Miguel de Icaza [MSFT] 2014-05-23 10:48:54 UTC
Please provide a test case and instructions on how to reproduce this.

Setting bug to NEEDINFO until then
Comment 2 henrik 2014-05-25 10:58:35 UTC
What would a test-case look like? This is not only in code, but about storage mechanisms.

I can give sample key for you to import and code to run that triggers it. Is that good enough?
Comment 3 henrik 2014-08-25 16:00:13 UTC
Repro is starting this server: https://github.com/haf/miTLS/tree/vs2012-exp/src/HttpServer

Setting status to NEW as you have a test case.
Comment 4 henrik 2015-04-05 05:54:59 UTC
Any progress?
Comment 5 Miguel de Icaza [MSFT] 2015-04-06 10:27:16 UTC
In general, progress is difficult when the test case is not self contained.

The documentation on how to build that project is poor and does not actually work (Exception thrown by rake at build time).   I managed to build things by hand generating the missing AssemblyVersion files.

Starting the server does not produce this exception, neither with Mono 3.12, nor Mono 4.1.0:

cd src/HttpServer
mono bin/Release/HttpServer.exe
cannot read mime-types: Could not find a part of the path "/private/tmp/miTLS/src/HttpServer/bin/Release/htdocs/mime.types".
[Thread    1] [4/6/2015 10:25:15 AM] Starting HTTP server on port 2443

Either the bug has been fixed, or the repro steps are incomplete (because of a hacked up build on my end, or there is more needed than running the server).
Comment 6 henrik 2015-04-06 10:32:17 UTC
Hi Miguel,

Thank you for looking at it. I understand what you're stating; how do you prefer to get repros?

A shell-script + code that's compiled with xbuild?

Regards,
Henrik
Comment 7 Miguel de Icaza [MSFT] 2015-04-06 10:44:27 UTC
The fewer the dependencies, the better.

Sometimes a simple C# class that can be copy pasted is enough.   But that might not always be possible.
Comment 8 Marek Safar 2018-03-13 11:07:22 UTC
We have not received the requested information. If you are still experiencing this issue please provide all the requested information and reopen the bug report.

Thank you!