Bug 18304 - TLS failure with CERT_E_CHAINING with mozroots installed and correct certificate
Summary: TLS failure with CERT_E_CHAINING with mozroots installed and correct certificate
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System (show other bugs)
Version: 3.2.x
Hardware: PC Linux
: --- normal
Target Milestone: Untriaged
Assignee: Martin Baulig
URL:
Depends on:
Blocks:
 
Reported: 2014-03-11 13:39 UTC by Damian Kaczmarek
Modified: 2017-04-04 13:01 UTC (History)
3 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments

Description Damian Kaczmarek 2014-03-11 13:39:47 UTC
I have official mono for openSUSE 12.3. The problem occurs only on Mono, Windows/.NET talks properly to the server in question:

> mono --version
Mono JIT compiler version 3.2.8 (tarball Mon Mar 10 19:23:00 UTC 2014)
> wget https://raw.github.com/mono/mono/mono-3.2.8-branch/mcs/class/Mono.Security/Test/tools/tlstest/tlstest.cs
> mcs tlstest.cs /r:System.dll /r:Mono.Security.dll
> mono tlstest.exe "https://translator.rushbase.net"

It correctly detects and prints certifcate data but ends with:

Error #-2146762486: CERT_E_CHAINING 0x800B010A

The server is properly configured as shown on https://www.ssllabs.com/ssltest/analyze.html?d=translator.rushbase.net

Heck, I even send too many CA certificates.

Please advice
Comment 1 Damian Kaczmarek 2014-03-11 13:42:17 UTC
Also, this is not a problem with server's cipher list as the other non-SNI host with same configuration works properly on the same server: https://code2flow.com

The bug may be somehow connected to mixing SNI and this particular cipher list...
Comment 2 Zoltan Varga 2014-03-11 14:14:54 UTC
-> classlibs.

Note You need to log in before you can comment on or make changes to this bug.