[Mono-dev] HttpListener https bug?

2010-09-05 Thread salar2k

I'm trying to use Mono HttpListener but after some tests I'm running into an
issue with HTTPS.
The project works well with simple http requests but just doesn't serve
https.

Here is what I've done to use it (win7), first try to create certificate
files:

makecert -r -pe -n "CN=SALARPC" -b 01/01/2000 -e 01/01/2040 -eku
1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA
SChannel Cryptographic Provider" -sy 12 -sv local.pvk local.cer

(this is microsoft makecert application)

I've created certificates without a password.
And registration of the files to the port:

httpcfg -add -port 9667 -pvk local.pvk -cert local.cer

All is done successfully.
Unfortunately it doesn't respond on the https port.
(note: actually httpcfg copies cer and pvk files for port 9667 to here:
C:\Users\USERNAME\AppData\Roaming\.mono\httplistener)

Second try with openssl and pvktool:

openssl genrsa -des3 -out localhost.pem 2048
openssl rsa -in localhost.pem -out localhost.pem.nopass
openssl req -new -key localhost.pem.nopass -out localhost.csr

pvk -in localhost.pem.nopass -topvk -nocrypt -out localhost.pvk

httpcfg -del -port 9667
httpcfg -add -port 9667 -pvk localhost.pvk -cert localhost.crt

Still no luck with httplistener and https!

Debugging the mono code I realize that it throws internally an exception
during reading the request (HttpConnection.cs) which says "The
authentication or decryption has failed.":

System.IO.IOException was caught
  Message=The authentication or decryption has failed.
  Source=Mono.HttpListener
  StackTrace:
   at Mono.Security.Protocol.Tls.SslStreamBase.EndRead(IAsyncResult
asyncResult)
   at Mono.Net.HttpConnection.OnRead(IAsyncResult ares)
  InnerException: Mono.Security.Protocol.Tls.TlsException
   Message=A message could not be decoded because some field was out
of the specified range or the length of the message was incorrect.
   Source=Mono.HttpListener

Am I doing something wrong? What's the problem?
Or is this a bug?
[Mono-2.6.7 - windows 7]

-- 
View this message in context: 
http://mono.1490590.n4.nabble.com/HttpListener-https-bug-tp2527913p2527913.html
Sent from the Mono - Dev mailing list archive at Nabble.com.
___
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list


Re: [Mono-dev] HttpListener https bug?

2010-09-07 Thread Gonzalo Paniagua Javier
I've followed the steps in
http://www.mono-project.com/UsingClientCertificatesWithXSP to create a
root certificate and a client certificate (instead of generating a .p12,
I created a .pvk and a .cer) and then used the "client" certificate as
my server's.

Then I created a small program (attached hl.cs) and ran **Mono's**
httpcfg to associate the certificate with port 9667. Everything worked
just fine with Mono (and on .NET, since I didn't use their httpcfg, you
get a connection reset error).

See the screenshot at http://gonzalo.name/tmp/httplistener2.png

-Gonzalo


On Sun, 2010-09-05 at 22:11 -0700, salar2k wrote:
> I'm trying to use Mono HttpListener but after some tests I'm running into an
> issue with HTTPS.
> The project works well with simple http requests but just doesn't serve
> https.
> 
> Here is what I've done to use it (win7), first try to create certificate
> files:
> 
> makecert -r -pe -n "CN=SALARPC" -b 01/01/2000 -e 01/01/2040 -eku
> 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA
> SChannel Cryptographic Provider" -sy 12 -sv local.pvk local.cer
> 
> (this is microsoft makecert application)
> 
> I've created certificates without a password.
> And registration of the files to the port:
> 
> httpcfg -add -port 9667 -pvk local.pvk -cert local.cer
> 
> All is done successfully.
> Unfortunately it doesn't respond on the https port.
> (note: actually httpcfg copies cer and pvk files for port 9667 to here:
> C:\Users\USERNAME\AppData\Roaming\.mono\httplistener)
> 
> Second try with openssl and pvktool:
> 
> openssl genrsa -des3 -out localhost.pem 2048
> openssl rsa -in localhost.pem -out localhost.pem.nopass
> openssl req -new -key localhost.pem.nopass -out localhost.csr
> 
> pvk -in localhost.pem.nopass -topvk -nocrypt -out localhost.pvk
> 
> httpcfg -del -port 9667
> httpcfg -add -port 9667 -pvk localhost.pvk -cert localhost.crt
> 
> Still no luck with httplistener and https!
> 
> Debugging the mono code I realize that it throws internally an exception
> during reading the request (HttpConnection.cs) which says "The
> authentication or decryption has failed.":
> 
> System.IO.IOException was caught
>   Message=The authentication or decryption has failed.
>   Source=Mono.HttpListener
>   StackTrace:
>    at Mono.Security.Protocol.Tls.SslStreamBase.EndRead(IAsyncResult
> asyncResult)
>    at Mono.Net.HttpConnection.OnRead(IAsyncResult ares)
>   InnerException: Mono.Security.Protocol.Tls.TlsException
>    Message=A message could not be decoded because some field was out
> of the specified range or the length of the message was incorrect.
>    Source=Mono.HttpListener
> 
> Am I doing something wrong? What's the problem?
> Or is this a bug?
> [Mono-2.6.7 - windows 7]
> 

using System;
using System.IO;
using System.Net;

namespace ConsoleApplication1 {
	class Class1 {
		static void Main ()
		{
			HttpListener l = new HttpListener ();
			// TLS prefix: the listener expects a TLS handshake on port 9667,
			// using the certificate registered for that port with Mono's httpcfg.
			l.Prefixes.Add ("https://*:9667/");
			l.Start ();
			l.BeginGetContext (OnGetContext, l);
			Console.ReadLine ();
		}

		static void OnGetContext (IAsyncResult ares)
		{
			HttpListener l = ares.AsyncState as HttpListener;
			if (l == null)
				return;

			try {
				HttpListenerContext ctx = l.EndGetContext (ares);
				Console.WriteLine ("Got request");
				// Queue the next accept before answering this request.
				l.BeginGetContext (OnGetContext, l);
				using (StreamWriter writer = new StreamWriter (ctx.Response.OutputStream))
					writer.Write ("Hello world!");
				ctx.Response.Close ();
				Console.WriteLine ("Sent request");
			} catch (Exception e) {
				Console.WriteLine (e);
				Environment.Exit (1);
			}
		}
	}
}



Re: [Mono-dev] HttpListener https bug?

2010-09-07 Thread salar2k

Thanks for the reply.

I've done the way you did and it works. But that was not my issue. 

Try to set browser's proxy to "localhost:9667" and browse
https://mail.google.com/mail/ .
You will see it doesn't work and connection resets.

This happens only when you're using https in listener.
Change l.Prefixes.Add ("https://*:9667/");  to l.Prefixes.Add
("http://*:9667/");  and browse http://www.google.com
it works as expected with a message Hello world!.

I've made that certificate trusted, in case the browser is strict
about that. (I've installed the cer file in Windows "Trusted Root
Certification Authorities" so now it's trusted.)




Re: [Mono-dev] HttpListener https bug?

2010-09-08 Thread Gonzalo Paniagua Javier
On Tue, 2010-09-07 at 22:56 -0700, salar2k wrote:
> Thanks for the reply.
> 
> I've done the way you did and it works. But that was not my issue. 
> 
> Try to set browser's proxy to "localhost:9667" and browse
> https://mail.google.com/mail/ .
> You will see it doesn't work and connection resets.
> 
> This happens only when you're using https in listener.
> Change l.Prefixes.Add ("https://*:9667/");  to l.Prefixes.Add
> ("http://*:9667/");  and browse http://www.google.com
> it works as expected with a message Hello world!.

You didn't mention any proxy before. Why don't you send the code of your
listener?

-Gonzalo




Re: [Mono-dev] HttpListener https bug?

2010-09-08 Thread salar2k

Guess it isn't needed because the issue occurs even with your piece of
program.

And yes, I'm working on a kind of proxy software. (Is that important?)

I'm not sure but I guess the destination website (any ssl enabled website)
doesn't trust the proxy's certificate to communicate with it. 


Re: [Mono-dev] HttpListener https bug?

2010-09-09 Thread Gonzalo Paniagua Javier
On Wed, 2010-09-08 at 18:10 -0700, salar2k wrote:
> Guess it isn't needed because the issue occurs even with your piece of
> program.
> 
> And yes, I'm working on a kind of proxy software. (Is that important?)

Yes. The way the browser tries to set up a https connection through the
proxy is by using the CONNECT method over an unencrypted connection that
is later turned into an encrypted one (tunneled through the proxy).
HttpListener is expecting a TLS connection and the browser is sending
plain text data... That's why the connection is being reset.

You would need to listen with http://*:9667/ and then handle the CONNECT
method appropriately.

-Gonzalo
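
Added example, not part of the original thread or of Mono's code: a minimal sketch of the approach described in the reply above, accepting plain TCP on the thread's port 9667, answering CONNECT in cleartext, and then relaying the browser's TLS bytes to the origin untouched. The names ConnectProxy, TryParseConnect and Handle are hypothetical, and restricting the tunnel to port 443 on a loopback-only listener is an assumption made here to keep it from acting as an open relay.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;

class ConnectProxy {
	static void Main () {
		// Plain TCP on loopback: the browser sends cleartext HTTP until the tunnel is up.
		TcpListener listener = new TcpListener (IPAddress.Loopback, 9667);
		listener.Start ();
		while (true) {
			TcpClient client = listener.AcceptTcpClient ();
			Task.Run (() => Handle (client));
		}
	}

	// Accepts only "CONNECT host:443 HTTP/1.x"; pinning the port avoids an open relay.
	static bool TryParseConnect (string line, out string host, out int port) {
		host = null; port = 0;
		string [] p = line.Split (' ');
		int colon = p.Length == 3 ? p [1].LastIndexOf (':') : -1;
		if (colon <= 0 || p [0] != "CONNECT" || !int.TryParse (p [1].Substring (colon + 1), out port))
			return false;
		host = p [1].Substring (0, colon);
		return port == 443;
	}

	static async Task Handle (TcpClient client) {
		try {
			using (client)
			using (TcpClient upstream = new TcpClient ()) {
				NetworkStream browser = client.GetStream ();
				// Read the request head byte by byte so no tunnel bytes are consumed.
				string head = "";
				for (int b; !head.EndsWith ("\r\n\r\n", StringComparison.Ordinal) && head.Length < 8192 && (b = browser.ReadByte ()) >= 0;)
					head += (char) b;
				if (!head.EndsWith ("\r\n\r\n", StringComparison.Ordinal) || !TryParseConnect (head.Split ('\r') [0], out string host, out int port)) {
					client.Client.Send (Encoding.ASCII.GetBytes ("HTTP/1.1 405 Method Not Allowed\r\nConnection: close\r\n\r\n"));
					return;
				}
				await upstream.ConnectAsync (host, port);
				client.Client.Send (Encoding.ASCII.GetBytes ("HTTP/1.1 200 Connection Established\r\n\r\n"));
				NetworkStream origin = upstream.GetStream ();
				// From here on the bytes are the browser's TLS session with the origin; relay them untouched.
				await Task.WhenAny (browser.CopyToAsync (origin), origin.CopyToAsync (browser));
			}
		} catch (Exception e) { Console.WriteLine (e.Message); }
	}
}
```

Because the proxy never terminates TLS, it needs no certificate of its own and the browser validates the origin's certificate directly.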




Re: [Mono-dev] HttpListener https bug?

2010-09-11 Thread salar2k

Many thanks, now I know the problem and will find a way for that.
I found this simple app useful:
http://www.codeproject.com/KB/IP/HTTPSDebuggingProxy.aspx