Bug 19031 - Certificate error (invalid signature) when validating www.gravatar.com chain
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System
Version: 3.2.x
Hardware: PC Linux
: --- normal
Target Milestone: Untriaged
Assignee: Martin Baulig
Depends on:
Reported: 2014-04-14 10:04 UTC by Jo Shields
Modified: 2017-07-10 21:28 UTC

See Also:
Is this bug a regression?: ---
Last known good build:


Description Jo Shields 2014-04-14 10:04:18 UTC
It looks like Mono doesn't support some ciphers, such as ECDHE-RSA-RC4-SHA

As a result, whilst openssl is happy to connect to gravatar.com:

$ openssl s_client -connect www.gravatar.com:443 -CApath /etc/ssl/certs/
subject=/OU=Domain Control Validated/CN=*.gravatar.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
No client certificate CA names sent
SSL handshake has read 4365 bytes and written 347 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-RC4-SHA
    Session-ID: CBB550B7487A21D654B9B898D5E8B1FCA7349FBA0740A870D9334910BE48FDC4
    Master-Key: FBA4156CE0AE39F68D640FD5D74ADA82BE8B2ADB02A8B09D678BA7F9EF17DA8CFEAD9B3435C3B5C81F4E7D3D4C4A6B05
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    Start Time: 1397483978
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

Mono tools fail on the same address, and report an invalid signature:

$ certmgr -ssl -v https://www.gravatar.com
Mono Certificate Manager - version
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.

Importing certificates from 'https://www.gravatar.com' into the user stores.

X.509 Certificate v3
   Issued from: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority
   Issued to:   C=US, S=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2
   Valid from:  01/01/2014 07:00:00
   Valid until: 30/05/2031 07:00:00
   *** WARNING: Certificate signature is INVALID ***
Comment 1 Miguel de Icaza [MSFT] 2014-04-15 16:25:19 UTC
Correct, we do not have support for ECDHE-RSA-RC4-SHA; it is just a lot of work.
Comment 2 Sebastien Pouliot 2014-04-16 14:25:11 UTC
That certificate validation issue has nothing to do with ECDHE-RSA-RC4-SHA (which we do not support) or any TLS ciphers used in SSL/TLS.

IOW the certificate validation (and the algorithms used for the certificate) are not related to the SSL/TLS negotiated cipher.

Also the fact that `certmgr` is getting the server certificate means there was a negotiated TLS session between your computer and www.gravatar.com (which means both could agree on a cipher suite).
Comment 3 Sebastien Pouliot 2014-04-16 16:19:47 UTC
The certificates were signed with `sha256RSA`, for which we added support a while ago IIRC. Now I could be wrong (or there might be multiple OIDs used for the same algorithm, nothing can be simple wrt X509).
Comment 4 Steve Foxover 2015-02-18 17:11:04 UTC
Any updates on this issue? I had a service break because a third-party site updated their cert to GoDaddy.

This throws an exception on
using (var webResponse = (HttpWebResponse)webRequest.GetResponse())

If you cannot support all TLS ciphers, can you just map HttpWebResponse methods to a dll that calls curl with openssl?

ex	{System.Net.WebException: Error: SendFailure (Error writing headers) ---> System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
   at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00000] in <filename unknown>:0
   at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
   --- End of inner exception stack trace ---
   at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) [0x00000] in <filename unknown>:0
   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
   at System.Net.HttpWebRequest.GetResponse () [0x00000] in <filename unknown>:0
   at MetascanService.MetaScanFileScan+<ScanAdvertiserHashes>c__AnonStorey0.<>m__0 (MetascanService.Advertiser adv, System.Threading.Tasks.ParallelLoopState state) [0x000f7] in /home/sfoxover/appdev/avscans/trunk/MetascanService/MetascanService/MetaScanFileScan.cs:87
}	System.Net.WebException
Comment 5 Miguel de Icaza [MSFT] 2015-02-18 18:11:09 UTC
Steve, that looks like a separate issue.

This looks like you are hitting this: #27169
Comment 6 Steve Foxover 2015-02-18 18:43:53 UTC
Thanks, I will keep an eye on #27169.
Comment 7 Sebastien Pouliot 2015-02-20 13:56:19 UTC
@Steve your issue does not look related to bug #27169.

What happens with the server you're accessing is that it accepts only a very limited number (4) of cipher suites [1], all of them ECDHE-based, which is not supported by Mono.

[1] https://www.ssllabs.com/ssltest/analyze.html?d=hashlookup.metascan-online.com
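
The diagnosis in Comment 7 can be checked from the wire: the ClientHello lists every suite the client will use, and the handshake can only proceed if the server accepts one of them. The following is an added example, not part of the thread and not Mono's code; the client and server suite lists and the ClientHello bytes are constructed (the thread does not give the real ones) and the function names are illustrative.

```python
import struct

# IANA code points for the suites used below.
SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
# Constructed lists: a client with no ECDHE support, and a server that accepts
# four suites, all ECDHE. The real lists are not given in the thread.
CLIENT_OFFERS = [0x0035, 0x002F, 0x0005]
SERVER_ACCEPTS = {0xC011, 0xC013, 0xC014, 0xC02F}

def build_client_hello(suites):
    """Constructed sample input: minimal TLS 1.0 ClientHello, no extensions."""
    body = b"\x03\x01" + bytes(32) + b"\x00"            # version, random, empty session_id
    body += struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites)
    body += b"\x01\x00"                                 # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_suites(record):
    """Extract the cipher_suites list from a TLS record carrying a ClientHello."""
    ctype, _version, rlen = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or len(record) < max(5 + rlen, 44) or record[5] != 1:
        raise ValueError("not a complete ClientHello record")
    pos = 5 + 4 + 2 + 32              # record header, handshake header, version, random
    pos += 1 + record[pos]            # skip session_id
    (nbytes,) = struct.unpack_from("!H", record, pos)
    return list(struct.unpack_from("!%dH" % (nbytes // 2), record, pos + 2))

def key_exchange(suite):
    """'ECDHE_RSA' for TLS_ECDHE_RSA_WITH_..., 'RSA' for TLS_RSA_WITH_..."""
    return SUITES.get(suite, "TLS_0x%04X" % suite).split("_WITH_")[0][4:]

def negotiate(offered, server_accepts):
    """Return (shared suite names, key exchanges the client lacks if none are shared)."""
    shared = [SUITES.get(s, hex(s)) for s in offered if s in server_accepts]
    lacking = {key_exchange(s) for s in server_accepts} - {key_exchange(s) for s in offered}
    return shared, ([] if shared else sorted(lacking))

if __name__ == "__main__":
    print(negotiate(offered_suites(build_client_hello(CLIENT_OFFERS)), SERVER_ACCEPTS))
```

An empty shared list means the failure happens during suite negotiation, before any certificate is validated, so it is a different fault from the invalid-signature warning in the original report.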
