Bug 24359 - Attempting to connect to secure WebSocket fails with System.IO.IOException: The authentication or decryption has failed
Summary: Attempting to connect to secure WebSocket fails with System.IO.IOException: T...
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: Mono.Security ()
Version: 3.4.0
Hardware: PC Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2014-11-07 21:33 UTC by Jon Goldberger [MSFT]
Modified: 2016-07-31 16:40 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
test Project (5.39 MB, application/zip)
2014-11-07 21:33 UTC, Jon Goldberger [MSFT]
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report for Bug 24359 on GitHub or Developer Community if you have new information to add and do not yet see a matching new report.

If the latest results still closely match this report, you can use the original description:

  • Export the original title and description: GitHub Markdown or Developer Community HTML
  • Copy the title and description into the new report. Adjust them to be up-to-date if needed.
  • Add your new information.

In special cases on GitHub you might also want the comments: GitHub Markdown with public comments

Related Links:
Status:
NEW

Description Jon Goldberger [MSFT] 2014-11-07 21:33:10 UTC
Created attachment 8668 [details]
test Project

## Description

Code that works on .NET, using the WebSocket4Net library (https://websocket4net.codeplex.com) to set up a WebSocket to a secure WebSocket server, fails in Mono with the following:

>WebSocket Error Message: The authentication or decryption has failed.
>WebSocket InnerException: System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server.
>at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.LocalValidation (Mono.Security.Protocol.Tls.ClientContext context, AlertDescription description) [0x001b3] in /private/tmp/source-mono-mac-3.10.0-branch/bockbuild-mono-3.10.0-branch/profiles/mono-mac-xamarin/build-root/mono-3.10.0/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:331 
>at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x0002c] in /private/tmp/source-mono-mac-3.10.0-branch/bockbuild-mono-3.10.0-branch/profiles/mono-mac-xamarin/build-root/mono-3.10.0/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:198 
>at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00054] in /private/tmp/source-mono-mac-3.10.0-branch/bockbuild-mono-3.10.0-branch/profiles/mono-mac-xamarin/build-root/mono-3.10.0/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:105 
>at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00037] in /private/tmp/source-mono-mac-3.10.0-branch/bockbuild-mono-3.10.0-branch/profiles/mono-mac-xamarin/build-root/mono-3.10.0/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake/HandshakeMessage.cs:105 
>at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
>at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00039] in /private/tmp/source-mono-mac-3.10.0-branch/bockbuild-mono-3.10.0-branch/profiles/mono-mac-xamarin/build-root/mono-3.10.0/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs:81 
>at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00123] in /private/tmp/source-mono-mac-3.10.0-branch/bockbuild-mono-3.10.0-branch/profiles/mono-mac-xamarin/build-root/mono-3.10.0/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:397 
>--- End of inner exception stack trace ---
>at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) [0x00035] in /private/tmp/source-mono-mac-3.10.0-branch/bockbuild-mono-3.10.0-branch/profiles/mono-mac-xamarin/build-root/mono-3.10.0/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:425 
>at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x0000c] in /private/tmp/source-mono-mac-3.10.0-branch/bockbuild-mono-3.10.0-branch/profiles/mono-mac-xamarin/build-root/mono-3.10.0/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:99 


## Steps to reproduce

1. Open and run the attached test project in Xamarin Studio on a Mac.

Expected result: WebSocket server echo sent message "Hello World!" so the console should show:
>                WebSocket Message Recieved: Hello World!
>                every 2 seconds

Actual result: Exception noted above is thrown.

2. Open and run the same project in Visual Studio.

Expected result: WebSocket server echo sent message "Hello World!" so the console should show:
>                WebSocket Message Recieved: Hello World!
>                every 2 seconds

Actual result: As expected.



Mac Xamarin Studio version info:

=== Xamarin Studio ===

Version 5.5.3 (build 6)
Installation UUID: 2dc9022f-f9a8-424f-8284-bf224cbbfde0
Runtime:
	Mono 3.10.0 ((detached/e204655)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 310000023

=== Apple Developer Tools ===

Xcode 6.1 (6604)
Build 6A1052d

=== Xamarin.Mac ===

Version: 1.10.0.18 (Business Edition)

=== Xamarin.iOS ===

Version: 8.4.0.16 (Business Edition)
Hash: 80e9ff7
Branch: 
Build date: 2014-10-22 15:09:12-0400

=== Xamarin.Android ===

Version: 4.18.1 (Business Edition)
Android SDK: /Users/apple/Library/Developer/Xamarin/android-sdk-mac_x86
	Supported Android versions:
		2.2    (API level 8)
		2.3    (API level 10)
		3.0    (API level 11)
		3.1    (API level 12)
		3.2    (API level 13)
		4.0    (API level 14)
		4.0.3  (API level 15)
		4.1    (API level 16)
		4.2    (API level 17)
		4.3    (API level 18)
		4.4    (API level 19)
		4.4.87 (API level 20)
Java SDK: /usr
java version "1.6.0_65"
Java(TM) SE Runtime Environment (build 1.6.0_65-b14-466.1-11M4716)
Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-466.1, mixed mode)

=== Build Information ===

Release ID: 505030006
Git revision: fbe3e9453daf6a3bb9a9709ed22bec35f7c9056b
Build date: 2014-10-23 13:08:38-04
Xamarin addins: e44add2b39de4dd57c0742bb2e620dfad84c64c6

=== Operating System ===

Mac OS X 10.10.0
Darwin Jons-iMac.local 14.0.0 Darwin Kernel Version 14.0.0
    Fri Sep 19 00:26:44 PDT 2014
    root:xnu-2782.1.97~2/RELEASE_X86_64 x86_64


Visual Studio version info:

Microsoft Visual Studio Ultimate 2013
Version 12.0.30723.00 Update 3
Microsoft .NET Framework
Version 4.5.51641

Installed Version: Ultimate

Architecture and Modeling Tools   06181-004-0451031-02209
Microsoft Architecture and Modeling Tools
    
UML® and Unified Modeling Language™ are trademarks or registered trademarks of the Object Management Group, Inc. in the United States and other countries.

LightSwitch for Visual Studio 2013   06181-004-0451031-02209
Microsoft LightSwitch for Visual Studio 2013

Team Explorer for Visual Studio 2013   06181-004-0451031-02209
Microsoft Team Explorer for Visual Studio 2013

Visual Basic 2013   06181-004-0451031-02209
Microsoft Visual Basic 2013

Visual C# 2013   06181-004-0451031-02209
Microsoft Visual C# 2013

Visual C++ 2013   06181-004-0451031-02209
Microsoft Visual C++ 2013

Visual F# 2013   06181-004-0451031-02209
Microsoft Visual F# 2013

Visual Studio 2013 Code Analysis Spell Checker   06181-004-0451031-02209
Microsoft® Visual Studio® 2013 Code Analysis Spell Checker

Portions of International CorrectSpell™ spelling correction system © 1993 by Lernout & Hauspie Speech Products N.V. All rights reserved.

The American Heritage® Dictionary of the English Language, Third Edition Copyright © 1992 Houghton Mifflin Company. Electronic version licensed from Lernout & Hauspie Speech Products N.V. All rights reserved.

Windows Phone SDK 8.0 - ENU   06181-004-0451031-02209
Windows Phone SDK 8.0 - ENU

Application Insights Tools for Visual Studio Package   1.0
Application Insights Tools for Visual Studio

ASP.NET and Web Tools   12.3.50717.0
Microsoft Web Developer Tools contains the following components:
Support for creating and opening ASP.NET web projects
Browser Link: A communication channel between Visual Studio and browsers
Editor extensions for HTML, CSS, and JavaScript
Page Inspector: Inspection tool for ASP.NET web projects
Scaffolding: A framework for building and running code generators
Server Explorer extensions for Microsoft Azure Websites
Web publishing: Extensions for publishing ASP.NET web projects to hosting providers, on-premises servers, or Microsoft Azure

ASP.NET Web Frameworks and Tools 2012.2   4.1.21001.0
For additional information, visit http://go.microsoft.com/fwlink/?LinkID=309563

ASP.NET Web Frameworks and Tools 2013   5.2.20703.0
For additional information, visit http://www.asp.net/

Common Azure Tools   1.2
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Microsoft Advertising SDK for Windows Phone   
Microsoft Advertising SDK for Windows Phone
Build 

Microsoft Azure Mobile Services Tools   1.2
Microsoft Azure Mobile Services Tools

Microsoft Azure Tools   2.4
Microsoft Azure Tools for Microsoft Visual Studio 2013 - v2.4.20730.1601

NuGet Package Manager   2.8.50313.46
NuGet Package Manager in Visual Studio. For more information about NuGet, visit http://docs.nuget.org/.

Office Developer Tools for Visual Studio 2013 ENU   12.0.30626
Microsoft Office Developer Tools for Visual Studio 2013 ENU

PowerShell Tools   1.2
Provides file classification services using PowerShell

PreEmptive Analytics Visualizer   1.2
Microsoft Visual Studio extension to visualize aggregated summaries from the PreEmptive Analytics product.

SAPReferenceManager   1.0
Manages References to Shared Projects

SQL Server Data Tools   12.0.40706.0
Microsoft SQL Server Data Tools

Windows Azure Tools   2.3
Windows Azure Tools for Microsoft Visual Studio 2013 - v2.3.20320.1602

Windows Phone 8.1 SDK Integration   1.0
This package integrates the tools for the Windows Phone 8.1 SDK into the menus and controls of Visual Studio.

Workflow Manager Tools 1.0   1.0
This package contains the necessary Visual Studio integration components for Workflow Manager.

Xamarin   3.7.248.0 (8ca7d11db8a6f874c6cd2de6d9ca0f511867ce91)
Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android.

Xamarin.Android   4.18.1.3 (5474129af31e9d3a86cb7482c7c5c7a30ad315f1)
Visual Studio plugin to enable development for Xamarin.Android.

Xamarin.iOS   8.4.0.0 (209abebbd8f1a292d042420edb45fa5fbd3f017b)
Visual Studio extension to enable development for Xamarin.iOS.
Comment 2 Jon Goldberger [MSFT] 2014-11-07 21:48:55 UTC
Update:

I found either a workaround or new knowledge (i.e. perhaps I didn't set up the test properly)

I got this to work by implementing ServicePointManager.ServerCertificateValidationCallback

>websocket = new WebSocket("wss://echo.websocket.org");
>ServicePointManager.ServerCertificateValidationCallback = ValidateCert;

...

public static bool ValidateCert(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    return true;
}

(not so worried about actually validating the certificate at this point).

I won't resolve this bug yet until I have confirmation that the above method is needed in Mono even though it isn't in .NET.
Comment 3 Jon Goldberger [MSFT] 2014-11-07 21:56:02 UTC
PS; Also note that sslPolicyErrors passed into ValidateCert has the value 
RemoteCertificateNotAvailable