The RemoteCertificateValidationCallback Delegate, shown below, is used to verify the remote Secure Sockets Layer (SSL) certificate. The certificate parameter is the end entity server certificate returned by the remote server. What I'm not sure about is how the chain parameter is constructed. Is it built from the the list of certificates returned by the remote server (typically the server cert and intermediate CA certs) or does it go to the certificate local store and try to build a chain for the end entity server certificate returned in the certificate parameter?
// The following method is invoked by the RemoteCertificateValidationDelegate.
public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
...
}
UPDATE
I've got a suspicion it's using X509Chain.Build(server_cert), but would like to know what's really happening.
This person sees something similar: c# Retrieving a Certificate from an SSL stream shows different chain results vs other external tools
a-certificate-from-an-ssl-stream-shows-different-chain-result
It is received from the server as part of the TLS handshake:
7.4.2. Server Certificate
When this message will be sent:
The server MUST send a Certificate message whenever the agreed-
upon key exchange method uses certificates for authentication
(this includes all key exchange methods defined in this document
except DH_anon). This message will always immediately follow the
ServerHello message.
Meaning of this message:
This message conveys the server's certificate chain to the client.
The certificate MUST be appropriate for the negotiated cipher
suite's key exchange algorithm and any negotiated extensions.
Structure of this message:
opaque ASN.1Cert<1..2^24-1>;
struct {
ASN.1Cert certificate_list<0..2^24-1>;
} Certificate;
certificate_list
This is a sequence (chain) of certificates. The sender's
certificate MUST come first in the list. Each following
certificate MUST directly certify the one preceding it. Because
certificate validation requires that root keys be distributed
independently, the self-signed certificate that specifies the root
certificate authority MAY be omitted from the chain, under the
assumption that the remote end must already possess it in order to
validate it in any case.
Well, according to X509Chain.BuildChain() it uses CAPI CertGetCertificateChain, which means is taken from local cert store, built up from a given cert. You can see how the validation callback is invoked in TransportSecurityHelpers.cs. The chain is built in _SecureChannel.VerifyRemoteCertificate:
chain = new X509Chain();
chain.ChainPolicy.RevocationMode = m_CheckCertRevocation? X509RevocationMode.Online : X509RevocationMode.NoCheck;
chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
if (remoteCertificateStore != null)
chain.ChainPolicy.ExtraStore.AddRange(remoteCertificateStore);
if (!chain.Build(remoteCertificateEx) // Build failed on handle or on policy
&& chain.ChainContext == IntPtr.Zero) // Build failed to generate a valid handle
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
So it looks like the .Net takes the server cert from the SSL context and builds the chain using the CAPI chain building functions.
Related
I have a web server implemented using HttpListener in C#, there is a Go client which talks to this server. As part of the requirement I need to validate the certificates sent from the client on the server and I'm sending a certificate chain from the client. I found the method HttpListenerRequest.GetClientCertificate() to get the certificates on the server but I am able to receive only the leaf certificate but not the entire chain which is blocking me to perform the chain validation. Is there a way to receive the entire chain using HttpListener as the server.
PS: I tried sending the same certificate chain to a Go server and Go has ssl callback handler(VerifyPeerCertificate) in Tls Config using which I am able to read the entire certificate chain. I just want to acheive this with the existing HttpListener server I have in C#.
Edit: My client certificate is a chain (client cert + Intermediate CA + Root CA). I have the Root CA pre stored in the Trusted Root Certification Authorities. I need to get the Intermediate CA in the Windows Trust Store so that I can build the chain for the client certificate and as I can't pre store the Intermediate CA the idea is to send the chain from the client and extract the Intermediate CA when the client talks to the server.
As I am able to receive the complete chain using a Go server with the same client I can confirm that client sends the chain always but somehow the methods we have in C# for HttpListener seems to ignore the chain.
Normally the client is just sending its client certificate, then it is the server responsibility to check that the client certificate is trusted. If anyone can send a client certificate with the complete chain, then the server can accept any certification authority (including any compromised). So the certificate of the certification authority that has emitted the client certificate must be trusted on the server to ensure this authority is trusted and the server can request this authority to ensure the client certificate has not been revoked. On Windows this is done by adding the certificate of the certification authority to the Trusted Root Certification Authorities store.
The HttpListenerRequest.GetClientCertificate() source loads just one certificate.
It's on the server side to check the complete chain. The server must be able to connect to the AIA that has signed the client certificate to download the intermediate CA.
var chain = new X509Chain();
chain.ChainPolicy = new X509ChainPolicy()
{
DisableCertificateDownloads = false,
RevocationFlag = X509RevocationFlag.EntireChain,
RevocationMode = X509RevocationMode.Online,
UrlRetrievalTimeout = TimeSpan.Zero,
VerificationFlags = X509VerificationFlags.AllFlags
};
You may try to implement your own HttpListenerRequest and use it as a middleware in the pipeline.
I have a fully operational system where openssl based clients interact with an openssl server. Each client have its own certificate that is validated by the server. Certificates have been generated with openssl (X509, pem). They are self-signed.
I now want to write a test client based on SslStream. I used the client example from the SslStream class documentation.
My SslStream client is unable to complete the handshake. stunnel complains about the client not sending its certificate. This is confirmed in Wireshark (Certificates Length: 0 in handshake messages).
My client displays the following exception:
Inner exception: The message received was unexpected or badly
formatted
This is how I load my certificate:
X509Certificate cert = new X509Certificate2(filename, password);
X509CertificateCollection certColl = new X509CertificateCollection();
certColl.Add(cert);
I tried retrieving certificate various properties (ex: GetSerialNumberString()). It works. The Verify method returns false. This is the next thing I am going to investigate.
How I setup my SslStream does not seem to matter (same result):
sslStream.AuthenticateAsClient(serverName);
SslStream sslStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback(ValidateServerCertificate),
new LocalCertificateSelectionCallback(SelectLocalCertificate));
Same with authentication:
sslStream.AuthenticateAsClient(serverName);
sslStream.AuthenticateAsClient(serverName,
certColl,
SslProtocols.Tls,
true);
SelectLocalCertificate gets called (twice) and returns my certificate. ValidateServerCertificate currently never gets called (to my surprise).
How can I debug that? Even better if you can nail my problem.
UPDATE
I have added a function to perform chain validation based on the X509Chain example from the documentation. It displays all sorts of information on the certificate, including two intriguing messages:
Element certificate is valid: False
Element error status length: 1
In the end, I don't really have more details than when I call verify.
The output of openssl verify cert.pem does not report anything unusual.
error 18 at 0 depth lookup:self signed certificate
OK
UPDATE
I extracted the private key and certificate from the pem, and I generated a cert.pfx (pkcs12). I had no issues importing cert.pfx in my personal key store. In my certificate details, I can see a small icon indicating an attached private key.
I modified my client to retrieve the certificate from my personal store. But I am getting the same exact failure.
The solution was to import my CA root certificate on my Windows machine. My client is now able to complete the handshake!
Found the solution by searching for a more complete SslStream example. Thanks to http://geekswithblogs.net/luskan/archive/2007/10/01/115758.aspx.
I have a fine, working communicator application, written in C#. Now I need to implement a secure connection to the server. I've tried changing Socket and TcpClient objects into SslStream, but I got a few errors.
Firstly I generated a .cer certificate using makecert. OpenSSL certificates didn't worked for me, because they didn't include private key. Next I created a certificate object on the server and bound it to the SslStream:
X509Certificate serverCertificate = X509Certificate.CreateFromCertFile("ca.cer");
TcpClient clientSocket = this.tcpListener.AcceptTcpClient();
SslStream ssls = new SslStream(clientSocket.GetStream(), false);
ssls.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls, true);
On the client side I'm doing this:
TcpClient client = new TcpClient(settings.IP, settings.Port);
sslStream = new SslStream(client.GetStream(), false,
new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
sslStream.AuthenticateAsClient(settings.IP);
public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
return false;
}
but the AuthenticateAsClient function throws an exception. I tried several other method parameters, but none of this worked for me.
Could anyone help me, or explain step by step how to change simple sockets into secure ones? To be clear, SSL isn't the requirement - if there is simpler way to make the connection secure I can use that.
Edit:
Message in exception is following:
The remote certificate is invalid according to the validation procedure.
What's the exception ?
I guess you are getting the exception because your client certificate is rejected as valid from the server (unless you did the necessary things to set up trust).
When you use self signed certificates(the ones created by makecert), you would have to also supply a Client Certificate Validation callback when creating the SslStream object. Use this constructor overload http://msdn.microsoft.com/en-us/library/ms145056.aspx
.CER file usually contains a certificate without a private key. Loading it into the server just won't work. You need a private key as well. The easiest is to generate the certificate and a key and save them together to PFX format. Then load the certificate and a key from PFX on the server.
Now with your code only only authenticate the server. Is this what you want to do (i.e. don't you want to authenticate the client on the server as well)?
I'm trying to call a JBoss service from a C# program and I'm getting an annoyingly vague error.
JbossService proxy = new JbossService();
proxy.Credentials = new NetworkCredential("ME", "thepwd");
proxy.Url = //https url snipped
proxy.CookieContainer = new CookieContainer();
proxy.PreAuthenticate = true;
Console.WriteLine("Calling service...");
queryResponse qr = proxy.query();
Console.WriteLine("Done.");
The exception and inner exception thrown are as follows:
exception : The underlying connection was closed: An unexpected error occurred on a send.
inner exception : Authentication failed because the remote party has closed the transport stream.
I'm not quite sure what this means, other than perhaps that JBoss likes me even less than I like it. I'm calling from the local machine so I don't think it's a networking issue. Has anyone seen this before?
This usually happens when your client cannot verify trust over https with the server (usually because the server certificate is self signed or if it is signed by a root authority not installed on your client machine.
Easy fix (although there are security consequences)....somewhere in your initialization code add the following:
System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { return true;};
Basically this replaces the application wide handling of server certificate validation and causes your application to accept any certificate. If you want to get finer grained, you can examine the certificate and put some logic in the method.
This works for anything based on System.Net, so it should work for Web Services and any thing based on WebRequest.
I haven't used JBOSS. This is how I troubleshoot similar problems, when using Microsoft technologies -- the same issues may be affecting your program:
Firewall settings or network issue (try connecting manually, to rule this out)
Self-service certificate issues:
Check the following certificate values:
Ensure the server's certificate issuer has a valid, matching issuing trusted root Certificate Authority (CA), on the same machine
The server certificate subject name matches the machine name exactly
The machine name the client is accessing matches that defined in the server certificate
An administrator account set (server) certificate thumbprint
Try recreating the SSL Certificate on both servers)
Try creating your own CA cert, add to trusted publishers, and then create an SSL sert based on that
I have a weird requirement. I am trying to communicate with a server written in C#. It looks like this basically:
SslStream sslStream = new SslStream(client.GetStream(), true,
ValidateServerCertificate,
SelectLocalCertificate);
sslStream.AuthenticateAsServer(_pushCert);
I also have example code in C# that uses a X509 certificate and connects to the server. I have the password for the cert.pfx file as well.
What I would like to do is setup some kind of shell script that can connect to the socket, transmit a few bytes and receive the response. (any language really, although I was looking at Python or Ruby or Perl)
I tried using the SSL wrapper from Python, but I get an error stating their is no known algorithm for the server/client to talk.
Example of my Python code:
ss = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s = ssl.wrap_socket(ss, ca_certs=CERT, ssl_version=ssl.PROTOCOL_SSLv23 )
#Attempt connection to our server
try:
s.connect((HOST, PORT))
print s
except:
print 'ERROR Connecting'
sys.exit(0)
For CERT I tried a few different filee: the .pfx, and some extracted from the .pfx using openssl.
I tried many different examples as well (Arguments for the ssl.wrap_socket). I am not really familiar with these connections either.
Perhaps someone here could lend a hand?
Thanks!
You can simplify your SslStream constructor call:
SslStream sslStream = new SslStream(client.GetStream());
sslStream.AuthenticateAsServer(_pushCert);
This server sends _pushCert and does not expect the client to send a certificate back. The server needs the private key for the certificate to make the SSL connection.
The client only needs the CA root certificate that signed the server certificate (or, an option to accept an untrusted certificate.) This needs to be in the "trusted root certificate store" or otherwise identified as trusted to the client wrapper.
If the server certificate is signed by an intermediate CA certificate that is itself signed by the root CA certificate, the client needs that intermediate certificate too. That can be sent by the server, or can already be at the client. Either way, the entire chain of signing certificates has to be in hand at the client to verify all of the signatures along the chain. The intermediate CA certificate does not need to be in the trusted root store.
Neither side needs a private key for the CA root, or for an intermediate signing certificate.
However, if your server expects the client to send a client certificate, then you have to call AuthenticateAsServer with more arguments (clientCertificateRequired == true). In that case, the client needs both its own certificate and the private key for its certificate. The server needs the CA root that signs the client certificate in its trusted store. The client wrapper will take a pfx file, for example, containing the client certificate and private key. The server does not need the client's private key.