 
Problem Mutual Authentication  
by Germen [germen at astri dot org]
posted on 2003/09/03

I am using Mentalis Sec Lib as the SSL client; it works in one-way authentication with the SSL server. However, when mutual authentication is enabled, the client is blocked at SspiProvider.CryptAcquireCertificatePrivateKey in MD5SHA1CryptoServiceProvider.CreateSignature.

Any help is welcome!

Germen

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/09/03

If your client certificate uses "strong private key protection", the system will show a dialog whenever an application tries to access the private key of that certificate asking the user whether he wants to give access to his private key or not. This is the only reason I can think of why the CryptAcquireCertificatePrivateKey method would block.

by Germen [germen at astri dot org]
posted on 2003/09/03

Finally, I found that the method is not blocked, but the method returns with an error! And the exception thrown is not printed out to the console.

Is there any way I can get more information about the error?

Thanks,
Germen

by germen [germen at astri dot org]
posted on 2003/09/04

The error occurs if the certificates in the certificate path are included in the .p12 certificate. I am it is normal, since every CA-signed cert should have the CA's cert come with it.

Correct me if I am wrong!

Do you have any workaround for this problem?

Many Thanks,
Germen

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/09/05

Can you tell me what protocol you're using? [SSL, TLS or a combination of both]
If you're using SSL or the combination of SSL/TLS, could you try using TLS alone? We just found a problem in the library where the SecureSocket sends a wrong signature to the server if mutual authentication is enabled and the SSL protocol is used. TLS does not have this problem.
This bug will be fixed when I upload the next version of the library, but I'd like you to acknowledge first whether the problem goes away if you enable TLS only. If not, it may be another problem.

by Germen [germen at astri dot org]
posted on 2003/09/15

I am using TLS only by defining the options.Protocol = SecureProtocol.Tls1; option when I am creating the secure socket. However, the problem persists!

The problem was solved when I updated the seclib to the latest version on 11/9.

Many thanks for your help!

Germen

by germen [germen at astri dot org]
posted on 2003/09/15

BTW, I found that there are some debug messages printed to the console during the communication. How do I disable that?

Inside UnwrapMessage
SSDEBUG: Unwrapping message with Org.Mentalis.Security.Cryptography.ARCFourManagedTransform+Org.Mentalis.Security.Cryptography.HMAC
Unwrap length: 37
SSDEBUG: Doing stream cipher...

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/09/15

Oops, looks like I forgot to remove some debugging methods from the library I uploaded :-)
I'll upload a new version -without debugging code- as soon as possible.

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/