Bug 38233 - Let's Encrypt Certificate issue
Summary: Let's Encrypt Certificate issue
Status: RESOLVED NORESPONSE
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Security ()
Version: unspecified
Hardware: PC Linux
: --- normal
Target Milestone: Untriaged
Assignee: Aleksey Kliger
URL:
Depends on:
Blocks:
 
Reported: 2016-01-31 18:05 UTC by mpollind
Modified: 2018-03-13 11:07 UTC (History)
3 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
Log of repro from master (145.97 KB, text/plain)
2016-04-14 21:05 UTC, Tyler Vann-Campbell
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED NORESPONSE

Description mpollind 2016-01-31 18:05:57 UTC
I getting this validation error with let's encrypt:

(IAsyncResult asyncResult) [0x00040] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) [0x00000] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) [0x00071] in <filename unknown>:0 
tail: ParkitectNexusLauncher.log: file truncated
[16-01-31 09:38:43] Info: staring client with:
[16-01-31 09:38:44] Fatal: Exception: One or more errors occurred.
[16-01-31 09:38:44] Fatal: StrackTrace:   at System.Threading.Tasks.Task.ThrowIfExceptional (Boolean includeTaskCanceledExceptions) [0x00014] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/threading/Tasks/Task.cs:2168 
  at System.Threading.Tasks.Task`1[TResult].GetResultCore (Boolean waitCompletionNotification) [0x00034] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/threading/Tasks/Future.cs:568 
  at System.Threading.Tasks.Task`1[TResult].get_Result () [0x00000] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/threading/Tasks/Future.cs:535 
  at MainWindow.FetchUserInfo () [0x0002f] in /home/michaelpollind/Desktop/ParkitectNexusClient/src/ParkitectNexus.Client.Linux/MainWindow.cs:74 
[16-01-31 09:38:44] Fatal: InnerException:
[16-01-31 09:38:44] Fatal: Exception: Error: SendFailure (Error writing headers)
[16-01-31 09:38:44] Fatal: StrackTrace:   at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x00064] in <filename unknown>:0 
  at System.Net.WebClient.GetWebResponse (System.Net.WebRequest request, IAsyncResult result) [0x00000] in <filename unknown>:0 
  at System.Net.WebClient.OpenReadAsyncCallback (IAsyncResult result) [0x0001f] in <filename unknown>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/exceptionservices/exceptionservicescommon.cs:143 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x00047] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:201 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x0002e] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:170 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x0000b] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:142 
  at System.Runtime.CompilerServices.TaskAwaiter`1[TResult].GetResult () [0x00000] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:372 
  at ParkitectNexus.Data.Web.API.ApiUser+<GetAvatar>c__async0.MoveNext () [0x000be] in /home/michaelpollind/Desktop/ParkitectNexusClient/src/ParkitectNexus.Data/Web/API/ApiUser.cs:51 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/exceptionservices/exceptionservicescommon.cs:143 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x00047] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:201 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x0002e] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:170 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x0000b] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:142 
  at System.Runtime.CompilerServices.TaskAwaiter`1[TResult].GetResult () [0x00000] in /builddir/build/BUILD/mono-4.2.2/external/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:372 
  at ParkitectNexus.Data.Authentication.ParkitectNexusAuthManager+<GetAvatar>c__async1.MoveNext () [0x0011f] in /home/michaelpollind/Desktop/ParkitectNexusClient/src/ParkitectNexus.Data/Authentication/ParkitectNexusAuthManager.cs:75 
[16-01-31 09:38:44] Fatal: InnerException:
[16-01-31 09:38:44] Fatal: Exception: Error writing headers
[16-01-31 09:38:44] Fatal: StrackTrace: 
[16-01-31 09:38:44] Fatal: InnerException:
[16-01-31 09:38:44] Fatal: Exception: The authentication or decryption has failed.
[16-01-31 09:38:44] Fatal: StrackTrace:   at System.Net.WebConnection.EndWrite (System.Net.HttpWebRequest request, Boolean throwOnError, IAsyncResult result) [0x000ba] in <filename unknown>:0 
  at System.Net.WebConnectionStream+<SetHeadersAsync>c__AnonStorey1.<>m__0 (IAsyncResult r) [0x00000] in <filename unknown>:0 
[16-01-31 09:38:44] Fatal: InnerException:
[16-01-31 09:38:44] Fatal: Exception: The authentication or decryption has failed.
[16-01-31 09:38:44] Fatal: StrackTrace:   at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) [0x00040] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) [0x00000] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) [0x00071] in <filename unknown>:0 

using the tlstest.exe gives me this error

FAILED: #-2146232800
System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x413e6910 + 0x00107> in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x413e6850 + 0x0002b> in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x413e34c0 + 0x00213> in <filename unknown>:0 
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x413e7510 + 0x000bf> in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x413e72a0 + 0x0007f> in <filename unknown>:0 
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) <0x413e0dd0 + 0x0005f> in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () <0x413dac20 + 0x0009b> in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, Int32 offset, Int32 count) <0x413da900 + 0x000a3> in <filename unknown>:0 
  at System.IO.StreamWriter.Flush (Boolean flushStream, Boolean flushEncoder) <0x7f041960d310 + 0x000fa> in <filename unknown>:0 
  at System.IO.StreamWriter.Flush () <0x7f041960d2e0 + 0x0001f> in <filename unknown>:0 
  at TlsTest.GetStreamPage (System.String url) <0x413a71a0 + 0x00335> in <filename unknown>:0 
  at TlsTest.Main (System.String[] args) <0x413a30f0 + 0x0069f> in <filename unknown>:0
Comment 1 Aleksey Kliger 2016-02-10 17:16:50 UTC
Thanks for the bug report!

This is what I see with recent mono master (adc643c1def22adf5af9a07761b5c9e50828f5bc)
  $ mono tlstest.exe https://letsencrypt.org/
https://letsencrypt.org
[Subject]
  C=US, S=California, L=Mountain View, O=INTERNET SECURITY RESEARCH GROUP, CN=letsencrypt.org

[Issuer]
  CN=TrustID Server CA A52, OU=TrustID Server, O=IdenTrust, C=US

[Not Before]
  2/3/2015 4:24:51 PM

[Not After]
  2/2/2018 4:24:51 PM

[Thumbprint]
  94FC724E10BA8272FC814B650CE5A64852BDE56E


	Valid From:  2/3/2015 4:24:51 PM
	Valid Until: 2/2/2018 4:24:51 PM

Error #-2146762486: CERT_E_CHAINING 0x800B010A


Could you tell me what version of mono you're using and the platform?

Thanks!
Comment 2 Tyler Vann-Campbell 2016-04-14 21:05:26 UTC
Created attachment 15728 [details]
Log of repro from master

I'm getting a similar error using a build from master this morning (3e81958f). I've attached a stack trace and logs hitting my server with a letsencrypt issued cert.

Repros for other domains with letsencrypt certs, found here: https://crt.sh/?Identity=%25&iCAID=7395&p=1&n=100
Comment 3 Marek Safar 2018-03-13 11:07:30 UTC
We have not received the requested information. If you are still experiencing this issue please provide all the requested information and reopen the bug report.

Thank you!