RE: [Mono-dev] System.Web.Mail and TLS

2006-03-29 Thread Gonzalo Paniagua Javier
On Wed, 2006-03-29 at 10:56 -0500, Gonzalo Paniagua Javier wrote:
> On Wed, 2006-03-29 at 06:40 -0800, Vladimir Krasnov wrote:
> > Hi Gonzalo,
> > 
> > What if the response from SMTP server is multi-line? For example, SMTP
> > from IIS 6.0 returns multi-line response on EHLO command.
> 
> Did you care taking a look at the RFC to know how the client knows that
> it has to read another line and when it reaches the last line of a
> multi-line response? No!

See Appendix E in the RFC 821.

-Gonzalo


___
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list


RE: [Mono-dev] System.Web.Mail and TLS

2006-03-29 Thread Gonzalo Paniagua Javier
On Wed, 2006-03-29 at 06:40 -0800, Vladimir Krasnov wrote:
> Hi Gonzalo,
> 
> What if the response from SMTP server is multi-line? For example, SMTP
> from IIS 6.0 returns multi-line response on EHLO command.

Did you care taking a look at the RFC to know how the client knows that
it has to read another line and when it reaches the last line of a
multi-line response? No!

-Gonzalo




RE: [Mono-dev] System.Web.Mail and TLS

2006-03-29 Thread Vladimir Krasnov
Hi Gonzalo,

What if the response from SMTP server is multi-line? For example, SMTP
from IIS 6.0 returns multi-line response on EHLO command.

Vladimir  Krasnov

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gonzalo
Paniagua Javier
Sent: Tuesday, March 28, 2006 5:09 AM
To: mono-devel-list@lists.ximian.com
Subject: RE: [Mono-dev] System.Web.Mail and TLS

On Mon, 2006-03-27 at 02:20 -0800, Vladimir Krasnov wrote:
> Hi Gonzalo,
> 
> What do you suggest about ReadResponse? Mono SslClientStream does not
> inherit from NetworkStream, so how can I know if more data is available
> in the stream and calling Read() again cannot be used because it blocks
> if no data available.

You're reading the response from the server *line* by line. So I would
read, say, 4KB at a time and search for a \r\n$ or \n$ or \r$ ($ being
the end of line). You can safely read up to that without blocking
forever unless the server is misbehaving.

If the line does not fit in that byte [], you can use a MemoryStream to
buffer the input and keep reading until an EOL.

-Gonzalo




RE: [Mono-dev] System.Web.Mail and TLS

2006-03-27 Thread Gonzalo Paniagua Javier
On Mon, 2006-03-27 at 02:20 -0800, Vladimir Krasnov wrote:
> Hi Gonzalo,
> 
> What do you suggest about ReadResponse? Mono SslClientStream does not
> inherit from NetworkStream, so how can I know if more data is available
> in the stream and calling Read() again cannot be used because it blocks
> if no data available.

You're reading the response from the server *line* by line. So I would
read, say, 4KB at a time and search for a \r\n$ or \n$ or \r$ ($ being
the end of line). You can safely read up to that without blocking
forever unless the server is misbehaving.

If the line does not fit in that byte [], you can use a MemoryStream to
buffer the input and keep reading until an EOL.

-Gonzalo
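
The advice given in this thread (read a chunk at a time, buffer until an end of line, and use the RFC 821 Appendix E rule to find the last line of a multi-line reply) as an added C# example; it is not code from the thread, the attached patch or Mono. The class name `SmtpReplyReader`, the 4096-byte line cap and the sample server reply are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;

// Added example: SmtpReplyReader is a hypothetical name, not Mono's System.Web.Mail code.
class SmtpReplyReader {
    const int MaxLine = 4096;   // assumed cap: a misbehaving server cannot grow the buffer forever
    readonly Stream stream;
    readonly byte[] chunk;      // bytes already read from the stream but not yet consumed
    int pos, len;
    public SmtpReplyReader(Stream s, int chunkSize) { stream = s; chunk = new byte[chunkSize]; }

    // One line ending in \n (a \r before it is dropped), decoded once when complete,
    // so the resulting string never depends on how Read() happened to split the data.
    string ReadLine() {
        var line = new MemoryStream();
        while (true) {
            if (pos == len) {   // buffer drained: block for more, accepting a short read
                int n = stream.Read(chunk, 0, chunk.Length);
                if (n <= 0) throw new IOException("Connection closed before end of line");
                pos = 0; len = n;
            }
            byte b = chunk[pos++];
            if (b == (byte)'\n') break;
            if (line.Length >= MaxLine) throw new IOException("Reply line too long");
            line.WriteByte(b);
        }
        return Encoding.ASCII.GetString(line.ToArray()).TrimEnd('\r');
    }

    // "250-text" means more lines follow; "250 text" (or a bare code) is the last line.
    public int ReadReply(List<string> text) {
        while (true) {
            string line = ReadLine();
            if (line.Length < 3 || !char.IsDigit(line[0]) || !char.IsDigit(line[1]) || !char.IsDigit(line[2]))
                throw new IOException("Malformed SMTP reply");
            text.Add(line.Length > 4 ? line.Substring(4) : "");
            if (line.Length == 3 || line[3] != '-') return int.Parse(line.Substring(0, 3));
        }
    }
    static void Main() {
        // Constructed sample: a multi-line EHLO reply, then a single-line reply; 7-byte reads split lines.
        var r = new SmtpReplyReader(new MemoryStream(Encoding.ASCII.GetBytes(
            "250-mail.example.test Hello\r\n250-STARTTLS\r\n250 SIZE 1000000\r\n220 Ready\r\n")), 7);
        var text = new List<string>();
        Console.WriteLine("{0}: {1} line(s)", r.ReadReply(text), text.Count);
        text.Clear();
        Console.WriteLine("{0}: {1} line(s)", r.ReadReply(text), text.Count);
    }
}
```

Because the reader never asks the stream whether more data is available, it works the same over a NetworkStream or an SslClientStream; bytes left over after one reply stay in the buffer for the next call.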




RE: [Mono-dev] System.Web.Mail and TLS

2006-03-27 Thread Vladimir Krasnov
Hi Gonzalo,

What do you suggest about ReadResponse? Mono SslClientStream does not
inherit from NetworkStream, so how can I know if more data is available
in the stream and calling Read() again cannot be used because it blocks
if no data available.

Vladimir Krasnov

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gonzalo
Paniagua Javier
Sent: Wednesday, March 22, 2006 12:05 AM
To: mono-devel-list@lists.ximian.com
Subject: Re: [Mono-dev] System.Web.Mail and TLS

On Tue, 2006-03-21 at 10:17 -0800, Vladimir Krasnov wrote:
> Please take a look at this code and suggest what to do.

In ReadResponse (), note that you should be expecting that Read does not
return all the bytes, even if the stream is not a NetworkStream. Also
the way you're building the string from the received bytes might lead to
different strings depending on how Read() behaves (apart from being a
waste of memory). I would rework that part.

-Gonzalo




RE: [Mono-dev] System.Web.Mail and TLS

2006-03-22 Thread Sebastien Pouliot
Hello Vladimir,

On Wed, 2006-03-22 at 00:47 -0800, Vladimir Krasnov wrote:
> Hi Sebastien,
> 
> I've imported my server's certificate using certmgr, the import was
> successful and I can see it by "certmgr -list" command, but I still get
> the same exception.

Maybe because what you did isn't in the FAQ ?

Importing the server certificate isn't enough. In fact it is generally
(98%) useless (because the certificate is already part of the SSL/TLS
handshake, so there's no need for a local copy of it). 

*Unless* (2%) the server certificate is also your root (self-signed)
certificate (common only for testing certificates). This shouldn't be
your case as you were talking about a certificate from a "trusted" CA.

Now the real question(s) is/are:

How did *you* decide it was "trusted" ? or have you ?

Answer: In the FAQ ;-)
http://www.mono-project.com/FAQ:_Security

> Vladimir
> 
> -Original Message-
> From: Sebastien Pouliot [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, March 21, 2006 9:12 PM
> To: Vladimir Krasnov
> Cc: mono-devel-list@lists.ximian.com
> Subject: Re: [Mono-dev] System.Web.Mail and TLS
> 
> Hello Vladimir,
> 
> On Tue, 2006-03-21 at 10:17 -0800, Vladimir Krasnov wrote:
> > Hello,
> > 
> > I'm working now on sending email over SSL connection using
> > System.Web.Mail API. This feature requires connection to SMTP server to
> > be changed to SSL connection after EHLO command. I've implemented method
> > ChangeToSSLSocket (look attached patch), 
> 
> Nice feature.
> 
> > but I always get a
> > TlsException, even if I have well known certificate from trusted CA.
> 
> This has been a common question on the mailing-list. 
> Did you read the FAQ on Mono project wiki ?
> http://www.mono-project.com/FAQ:_Security
> 
> > Unhandled Exception: System.Web.HttpException: The authentication or
> > decryption has failed. ---> System.IO.IOException: The authentication or
> > decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException:
> > Invalid certificate received form server.
> > 
> > Please take a look at this code and suggest what to do.
> > 
> > Vladimir Krasnov.
> > 
> > 
> 
-- 
Sebastien Pouliot  <[EMAIL PROTECTED]>
Blog: http://pages.infinit.net/ctech/



RE: [Mono-dev] System.Web.Mail and TLS

2006-03-22 Thread Vladimir Krasnov
Hi Sebastien,

I've imported my server's certificate using certmgr, the import was
successful and I can see it by "certmgr -list" command, but I still get
the same exception.

Vladimir

-Original Message-
From: Sebastien Pouliot [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 21, 2006 9:12 PM
To: Vladimir Krasnov
Cc: mono-devel-list@lists.ximian.com
Subject: Re: [Mono-dev] System.Web.Mail and TLS

Hello Vladimir,

On Tue, 2006-03-21 at 10:17 -0800, Vladimir Krasnov wrote:
> Hello,
> 
> I'm working now on sending email over SSL connection using
> System.Web.Mail API. This feature requires connection to SMTP server to
> be changed to SSL connection after EHLO command. I've implemented method
> ChangeToSSLSocket (look attached patch), 

Nice feature.

> but I always get a
> TlsException, even if I have well known certificate from trusted CA.

This has been a common question on the mailing-list. 
Did you read the FAQ on Mono project wiki ?
http://www.mono-project.com/FAQ:_Security

> Unhandled Exception: System.Web.HttpException: The authentication or
> decryption has failed. ---> System.IO.IOException: The authentication or
> decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException:
> Invalid certificate received form server.
> 
> Please take a look at this code and suggest what to do.
> 
> Vladimir Krasnov.
> 
> 



Re: [Mono-dev] System.Web.Mail and TLS

2006-03-21 Thread Gonzalo Paniagua Javier
On Tue, 2006-03-21 at 10:17 -0800, Vladimir Krasnov wrote:
> Please take a look at this code and suggest what to do.

In ReadResponse (), note that you should be expecting that Read does not
return all the bytes, even if the stream is not a NetworkStream. Also
the way you're building the string from the received bytes might lead to
different strings depending on how Read() behaves (apart from being a
waste of memory). I would rework that part.

-Gonzalo




Re: [Mono-dev] System.Web.Mail and TLS

2006-03-21 Thread Sebastien Pouliot
Hello Vladimir,

On Tue, 2006-03-21 at 10:17 -0800, Vladimir Krasnov wrote:
> Hello,
> 
> I'm working now on sending email over SSL connection using
> System.Web.Mail API. This feature requires connection to SMTP server to
> be changed to SSL connection after EHLO command. I've implemented method
> ChangeToSSLSocket (look attached patch), 

Nice feature.

> but I always get a
> TlsException, even if I have well known certificate from trusted CA.

This has been a common question on the mailing-list. 
Did you read the FAQ on Mono project wiki ?
http://www.mono-project.com/FAQ:_Security

> Unhandled Exception: System.Web.HttpException: The authentication or
> decryption has failed. ---> System.IO.IOException: The authentication or
> decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException:
> Invalid certificate received form server.
> 
> Please take a look at this code and suggest what to do.
> 
> Vladimir Krasnov.
> 
> 
