Home SslStream.AuthenticateAsServer() blocks indefinitely
Reply: 0

SslStream.AuthenticateAsServer() blocks indefinitely

Demindiro
1#
Demindiro Published in 2018-01-13 12:31:10Z

I am trying to create an SMTPS server (for educational purposes, mostly) but I can't seem to authenticate the server using TLS.

I got a certificate by using Certbot for Debian 8 (Jessie). I then combined the certificate and the private key into a .pfx file with $ openssl pkcs12 -export -out fullcert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem and I load it using var cert = new X509Certificate2("fullcert.pfx", "password");

The certificate I got seems to be valid, as cert.ToString(true) seems to show the properties of the certificate correctly and the following code correctly encrypts/decrypts a string

var str = "BeepBoop";
Console.WriteLine("Encrypting... ({0})", str);
var enc = pubkey.Encrypt(System.Text.Encoding.UTF8.GetBytes(str), RSAEncryptionPadding.Pkcs1);
Console.WriteLine("Decrypting...");
var dec = System.Text.Encoding.UTF8.GetString(privkey.Decrypt(enc, RSAEncryptionPadding.Pkcs1));
Console.WriteLine("Finished ({0})", dec);

Sorry for the messy code

I then pass the certificate object to another object, which uses it in the following code:

// PS: the server listens on port 25000
private void HandleClient(TcpClient client)
{
    Console.WriteLine("[==] BeepBoop: connection on " + port);
    //client.ReceiveTimeout = client.SendTimeout = timeout;
    Stream stream = client.GetStream();
    if(Certificate != null)
    {
        var sslStream = new SslStream(stream, false);
        Console.WriteLine("Authenticating...");
        sslStream.AuthenticateAsServer(Certificate, false, SslProtocols.Tls, true);
        Console.WriteLine("Authenticated");
        stream = sslStream;
    }
    Write(stream, ServiceReadyReply);

    // Implementation of SMTP, which does work correctly
}

When I try to connect using this SMTP tool or even Chrome (by connecting to https://localhost:25000) the program blocks indefinitely on sslStream.AuthenticateAsServer(...) until the client times out, at which point an AggregateException containing an IOException is thrown. I have tried changing the parameters, but no combination seems to work.

This is the stacktrace I get:

  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x00027] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:606 
  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream:ProcessHandshake (Mono.Net.Security.AsyncOperationStatus)
  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00000] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:282 
  at Mono.Net.Security.AsyncProtocolRequest+<ProcessOperation>d__24.MoveNext () [0x000ff] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:221 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/exceptionservices/exceptionservicescommon.cs:152 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x00037] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:187 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:156 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:128 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:447 
  at Mono.Net.Security.AsyncProtocolRequest+<StartOperation>d__23.MoveNext () [0x00046] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:187 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/exceptionservices/exceptionservicescommon.cs:152 
  at Mono.Net.Security.MobileAuthenticatedStream.CheckThrow (System.Boolean authSuccessCheck, System.Boolean shutdownCheck) [0x00008] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:91 
  at Mono.Net.Security.MobileAuthenticatedStream.get_SslProtocol () [0x00011] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:707 
  at System.Net.Security.SslStream.get_SslProtocol () [0x00000] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/System.Net.Security/SslStream.cs:252

PS: I copied the certificate to my MacBook, but the exact same issue happens on my Raspberry Pi

The attribute stream.DataAvailable is false at the moment the exception is thrown. I don't know if this information does really matter, but I guess it is better to give too much information than too little :)

I have done quite a bit of research to my specific issue, and I found the following results which seem related to my issue:

  • C# SslStream.AuthenticateAsServer() intermittently blocks indefinitely. Recovers after restart of application.
  • AuthenticateAsServer blocks forever on any Jabber client but GAIM
  • Bug 976638 - System.Net.Security.SslStream hangs in AuthenticateAsServer (this one seems to be very similar to my issue!)
  • AuthenticateAsServer blocks forever on any Jabber client but GAIM (also very relevant)
  • SslStream.AuthenticateAsServer and AuthenticateAsClient intermittently block indefinitely.
  • SslStream.AuthenticateAsServer hangs

At this point, I don't have any clue what could be going wrong. Any help is very much appreciated. If you need more information, I'll be glad to provide it.

UPDATE: When I try to connect with Chrome to my server I get ERR_SSL_PROTOCOL_ERROR and an AuthenticationException that has an TlsException with TlsException.Message = "Unknown Secure Transport error `IllegalParam'." (maybe I forgot to append 'https://' to the domain name when debugging initially? I would swear I did do that then though...)

UPDATE 2: The error message is different for the MacBook and the Raspberry Pi: the above error message is from the MacBook and the following is what I get on the RPi: Mono.Btls.MonoBtlsException: Ssl error:1000009c:SSL routines:OPENSSL_internal:HTTP_REQUEST

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.315375 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO