Bug 25524 - TLS failure with CERT_E_UNTRUSTEDROOT with correct certificate
Summary: TLS failure with CERT_E_UNTRUSTEDROOT with correct certificate
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System (show other bugs)
Version: unspecified
Hardware: PC Linux
: --- normal
Target Milestone: Untriaged
Assignee: Martin Baulig
URL:
Depends on:
Blocks:
 
Reported: 2014-12-19 05:38 UTC by eb1
Modified: 2017-04-04 13:15 UTC (History)
2 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments

Description eb1 2014-12-19 05:38:20 UTC
The following code fails for this particular host.

	var request = WebRequest.CreateHttp("https://jira.sil.org"); /* doesn't work */
	//var request = WebRequest.CreateHttp("https://www.google.com"); /* works */
	var response = (HttpWebResponse)request.GetResponse();

Running

> mcs tlstest.cs /r:System.dll /r:Mono.Security.dll
> mono tlstest.exe --web "https://jira.sil.org"

ends with 

Error #-2146762487: CERT_E_UNTRUSTEDROOT 0x800B0109

although the certificates are installed with mozroots and the certificate of that host is valid.

No error shows when I leave out the "--web" parameter:

> mono tlstest.exe "https://jira.sil.org"

It doesn't work even when I explicitly import the certificates with:

> certmgr -ssl https://jira.sil.org

Debugging into it I see that mono calculates a different certificate chain from the certificate chain that Firefox shows.

Note You need to log in before you can comment on or make changes to this bug.