Bug 3664 - [Regression] Exception validating Apple certificate chain
Summary: [Regression] Exception validating Apple certificate chain
Status: NEEDINFO
Alias: None
Product: Class Libraries
Classification: Mono
Component: System (show other bugs)
Version: master
Hardware: PC Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Sebastien Pouliot
URL:
Depends on:
Blocks:
 
Reported: 2012-02-28 06:07 UTC by Jérémie Laval
Modified: 2016-07-31 17:12 UTC (History)
2 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments

Description Jérémie Laval 2012-02-28 06:07:47 UTC
On a recent mono (master/b42a20c) trying to access https://developer.apple.com/rss/com.apple.adc.documentation.AppleiPhone5_0.atom returns the following error:

ERROR building certificate chain: System.ArgumentOutOfRangeException: startIndex + length > this.length
Parameter name: length
  at System.String.Substring (Int32 startIndex, Int32 length) [0x0007c] in /Users/jeremie/mono/mono/mcs/class/corlib/System/String.cs:342 
  at System.String.Split (System.String[] separator, Int32 count, StringSplitOptions options) [0x00143] in /Users/jeremie/mono/mono/mcs/class/corlib/System/String.cs:286 
  at System.String.Split (System.String[] separator, StringSplitOptions options) [0x00000] in /Users/jeremie/mono/mono/mcs/class/corlib/System/String.cs:316 
  at System.Security.Cryptography.X509Certificates.X500DistinguishedName.AreEqual (System.Security.Cryptography.X509Certificates.X500DistinguishedName name1, System.Security.Cryptography.X509Certificates.X500DistinguishedName name2) [0x00037] in /Users/jeremie/mono/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedName.cs:215 
  at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x0012b] in /Users/jeremie/mono/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:554 
  at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x00093] in /Users/jeremie/mono/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:506 
  at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x0001f] in /Users/jeremie/mono/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:115 
  at System.Net.ServicePointManager+ChainValidationHelper.ValidateChain (Mono.Security.X509.X509CertificateCollection certs) [0x000a3] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/ServicePointManager.cs:486 
Please, report this problem to the Mono team

This doesn't happen with Mono 2.10.8, additionally setting either ServicePointManager's CertificatePolicy or ServerCertificateValidationCallback don't workaround the problem.
Comment 1 Jérémie Laval 2012-02-28 06:57:41 UTC
On "close to master" 4cb9ef31869, no error is displayed but the DownloadString call waits indefinitely.

"<unnamed thread>" tid=0x0x7fff71fc1960 this=0x0x10eb51ea0 thread handle 0x103 state : waiting on 0x10a : Event  owns ()
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Threading.WaitHandle.WaitOne_internal (System.Threading.WaitHandle,intptr,int,bool) <IL 0x0001c, 0xffffffff>
  at System.Threading.WaitHandle.WaitOne (int,bool) [0x00032] in /Users/jeremie/mono/mono/mcs/class/corlib/System.Threading/WaitHandle.cs:385
  at System.Net.WebAsyncResult.WaitUntilComplete (int,bool) [0x0000d] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebAsyncResult.cs:164
  at System.Net.HttpWebRequest.EndGetResponse (System.IAsyncResult) [0x0002e] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/HttpWebRequest.cs:892
  at System.Net.HttpWebRequest.GetResponse () [0x0000e] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/HttpWebRequest.cs:906
  at System.Net.WebClient.GetWebResponse (System.Net.WebRequest) [0x00000] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:1451
  at System.Net.WebClient.ReadAll (System.Net.WebRequest,object) [0x00000] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:884
  at System.Net.WebClient.DownloadDataCore (System.Uri,object) [0x0000a] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:255
  at System.Net.WebClient.DownloadData (System.Uri) [0x00024] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:243
  at System.Net.WebClient.DownloadString (string) [0x00011] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:683
  at (wrapper remoting-invoke-with-check) System.Net.WebClient.DownloadString (string) <IL 0x00039, 0xffffffff>
  at TestXar/AppleDocHandler.LoadAppleFeed (string) [0x00040] in /Users/jeremie/mono/test-xar.cs:63
  at TestXar/AppleDocHandler.DownloadAppleDocsIfNecessary (string,System.Func`1<System.Action`1<int>>) [0x00001] in /Users/jeremie/mono/test-xar.cs:122
  at TestXar.Main (string[]) [0x00007] in /Users/jeremie/mono/test-xar.cs:18
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) <IL 0x00050, 0xffffffff>

"Threadpool worker" tid=0x0x10fe2d000 this=0x0x10f4159c0 thread handle 0x114 state : interrupted state owns ()
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Threading.WaitHandle.WaitOne_internal (System.Threading.WaitHandle,intptr,int,bool) <IL 0x0001c, 0xffffffff>
  at System.Threading.WaitHandle.WaitOne () [0x00015] in /Users/jeremie/mono/mono/mcs/class/corlib/System.Threading/WaitHandle.cs:361
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult) [0x00023] in /Users/jeremie/mono/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:428
  at Mono.Security.Protocol.Tls.RecordProtocol.ReceiveRecord (System.IO.Stream) [0x0000a] in /Users/jeremie/mono/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:442
  at Mono.Security.Protocol.Tls.SslStreamBase.InternalReadCallback (System.IAsyncResult) [0x00091] in /Users/jeremie/mono/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:677
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void__this___object (object,intptr,intptr,intptr) <IL 0x00052, 0xffffffff>
Comment 2 Sebastien Pouliot 2012-03-23 09:46:56 UTC
I'm able to access the provided URL with both Mono 2.10 and master.

$ cat 3664.cs
using System;
using System.Net;

class Program {
	static void Main ()
	{
		WebClient wc = new WebClient ();
		Console.WriteLine (wc.DownloadString ("https://developer.apple.com/rss/com.apple.adc.documentation.AppleiPhone5_0.atom"));
	}
}
$ mcs 3664.cs
$ mono --version
Mono JIT compiler version 2.10.8 (tarball Mon Dec 19 17:43:18 EST 2011)
Copyright (C) 2002-2011 Novell, Inc, Xamarin, Inc and Contributors. www.mono-project.com
	TLS:           normal
	SIGSEGV:       normal
	Notification:  kqueue
	Architecture:  x86
	Disabled:      none
	Misc:          debugger softdebug 
	LLVM:          yes(2.9svn-mono)
	GC:            Included Boehm (with typed GC)
$ mono 3664.exe
<?xml version="1.0" standalone="yes"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:docset="http://developer.apple.com/rss/docset_extensions" xml:lang="en">
    <id>http://developer.apple.com/rss/com.apple.adc.documentation.AppleiPhone5_0.atom/</id>
    <title type="text">Apple iOS 5.0</title>
    <author>
        <name>Apple Developer Connection</name>
        <uri>http://developer.apple.com/</uri>
    </author>
    <rights>Copyright 2011 Apple Inc.</rights>
    <link rel="self" href="http://developer.apple.com/rss/com.apple.adc.documentation.AppleiPhone5_0.atom"></link>
    <updated>2012-02-20T10:47:14-08:00</updated>
    <docset:publisherName>Apple</docset:publisherName>
    <docset:publisherID>com.apple.adc.documentation</docset:publisherID>
    <entry>
        <id>tag:developer.apple.com,2012-01-06:com.apple.adc.documentation.AppleiOS5_0.iOSLibrary/40.2.0</id>
        <title type="text">iOS 5.0 Library</title>
        <updated>2012-01-06T16:02:44-08:00</updated>
        <content type="text">API reference and conceptual documentation for iOS 5.0.</content>
        <link rel="enclosure" type="application/octet-stream" href="http://devimages.apple.com/docsets/20120109/com.apple.adc.documentation.AppleiOS5_0.iOSLibrary.xar" length="390191285"></link>
        <docset:identifier>com.apple.adc.documentation.AppleiOS5_0.iOSLibrary</docset:identifier>
        <docset:version>40.2.0</docset:version>
        <docset:signer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:signer>
        <docset:issuer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:issuer>
        <docset:minimumXcodeVersion>4.2.0</docset:minimumXcodeVersion>
    </entry>
    <entry>
        <id>tag:developer.apple.com,2012-02-17:com.apple.adc.documentation.AppleiOS5_0.iOSLibrary/41.6.0</id>
        <title type="text">iOS 5.0 Library</title>
        <updated>2012-02-17T13:37:05-08:00</updated>
        <content type="text">API reference and conceptual documentation for iOS 5.0.</content>
        <link rel="enclosure" type="application/octet-stream" href="MISSING" length="413306405"></link>
        <docset:identifier>com.apple.adc.documentation.AppleiOS5_0.iOSLibrary</docset:identifier>
        <docset:version>41.6.0</docset:version>
        <docset:signer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:signer>
        <docset:issuer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:issuer>
        <docset:minimumXcodeVersion>4.2.0</docset:minimumXcodeVersion>
    </entry>
    <entry>
        <id>tag:developer.apple.com,2012-02-20:com.apple.adc.documentation.AppleiOS5_0.iOSLibrary/41.7.0</id>
        <title type="text">iOS 5.0 Library</title>
        <updated>2012-02-20T10:47:14-08:00</updated>
        <content type="text">API reference and conceptual documentation for iOS 5.0.</content>
        <link rel="enclosure" type="application/octet-stream" href="http://devimages.apple.com/docsets/20120216/com.apple.adc.documentation.AppleiOS5_0.iOSLibrary.xar" length="413297485"></link>
        <docset:identifier>com.apple.adc.documentation.AppleiOS5_0.iOSLibrary</docset:identifier>
        <docset:version>41.7.0</docset:version>
        <docset:signer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:signer>
        <docset:issuer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:issuer>
        <docset:minimumXcodeVersion>4.2.0</docset:minimumXcodeVersion>
    </entry>
</feed>

$ /opt/mono/bin/mono --version
Mono JIT compiler version 2.11 (master/4e60ea8 Fri 23 Mar 2012 08:44:57 EDT)
Copyright (C) 2002-2011 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
	TLS:           normal
	SIGSEGV:       altstack
	Notification:  kqueue
	Architecture:  x86
	Disabled:      none
	Misc:          softdebug 
	LLVM:          supported, not enabled.
	GC:            Included Boehm (with typed GC)
$ /opt/mono/bin/mono 3664.exe 
<?xml version="1.0" standalone="yes"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:docset="http://developer.apple.com/rss/docset_extensions" xml:lang="en">
    <id>http://developer.apple.com/rss/com.apple.adc.documentation.AppleiPhone5_0.atom/</id>
    <title type="text">Apple iOS 5.0</title>
    <author>
        <name>Apple Developer Connection</name>
        <uri>http://developer.apple.com/</uri>
    </author>
    <rights>Copyright 2011 Apple Inc.</rights>
    <link rel="self" href="http://developer.apple.com/rss/com.apple.adc.documentation.AppleiPhone5_0.atom"></link>
    <updated>2012-02-20T10:47:14-08:00</updated>
    <docset:publisherName>Apple</docset:publisherName>
    <docset:publisherID>com.apple.adc.documentation</docset:publisherID>
    <entry>
        <id>tag:developer.apple.com,2012-01-06:com.apple.adc.documentation.AppleiOS5_0.iOSLibrary/40.2.0</id>
        <title type="text">iOS 5.0 Library</title>
        <updated>2012-01-06T16:02:44-08:00</updated>
        <content type="text">API reference and conceptual documentation for iOS 5.0.</content>
        <link rel="enclosure" type="application/octet-stream" href="http://devimages.apple.com/docsets/20120109/com.apple.adc.documentation.AppleiOS5_0.iOSLibrary.xar" length="390191285"></link>
        <docset:identifier>com.apple.adc.documentation.AppleiOS5_0.iOSLibrary</docset:identifier>
        <docset:version>40.2.0</docset:version>
        <docset:signer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:signer>
        <docset:issuer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:issuer>
        <docset:minimumXcodeVersion>4.2.0</docset:minimumXcodeVersion>
    </entry>
    <entry>
        <id>tag:developer.apple.com,2012-02-17:com.apple.adc.documentation.AppleiOS5_0.iOSLibrary/41.6.0</id>
        <title type="text">iOS 5.0 Library</title>
        <updated>2012-02-17T13:37:05-08:00</updated>
        <content type="text">API reference and conceptual documentation for iOS 5.0.</content>
        <link rel="enclosure" type="application/octet-stream" href="MISSING" length="413306405"></link>
        <docset:identifier>com.apple.adc.documentation.AppleiOS5_0.iOSLibrary</docset:identifier>
        <docset:version>41.6.0</docset:version>
        <docset:signer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:signer>
        <docset:issuer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:issuer>
        <docset:minimumXcodeVersion>4.2.0</docset:minimumXcodeVersion>
    </entry>
    <entry>
        <id>tag:developer.apple.com,2012-02-20:com.apple.adc.documentation.AppleiOS5_0.iOSLibrary/41.7.0</id>
        <title type="text">iOS 5.0 Library</title>
        <updated>2012-02-20T10:47:14-08:00</updated>
        <content type="text">API reference and conceptual documentation for iOS 5.0.</content>
        <link rel="enclosure" type="application/octet-stream" href="http://devimages.apple.com/docsets/20120216/com.apple.adc.documentation.AppleiOS5_0.iOSLibrary.xar" length="413297485"></link>
        <docset:identifier>com.apple.adc.documentation.AppleiOS5_0.iOSLibrary</docset:identifier>
        <docset:version>41.7.0</docset:version>
        <docset:signer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:signer>
        <docset:issuer>CN=ADC DocSet Update,O=Apple Inc.,OU=Apple Developer Connection,C=US</docset:issuer>
        <docset:minimumXcodeVersion>4.2.0</docset:minimumXcodeVersion>
    </entry>
</feed>
Comment 3 Jérémie Laval 2012-04-05 05:27:19 UTC
Hey Seb,

So now with master it indeed works better except on some run your test program hangs for me:

Full thread dump:

"Threadpool monitor" tid=0x0x10b416000 this=0x0x10a9f84e0 thread handle 0xa08 state : interrupted state owns ()

"Threadpool worker" tid=0x0x10b619000 this=0x0x10a9f83a8 thread handle 0xa09 state : interrupted state owns ()

"<threadpool thread>" tid=0x0x10b73c000 this=0x0x10a9f8000 thread handle 0xa0e state : interrupted state owns ()

"IO Threadpool worker" tid=0x0x10b77f000 this=0x0x10b6b7ea0 thread handle 0xa0f state : interrupted state owns ()

"Threadpool worker" tid=0x0x10b992000 this=0x0x10b6b7d68 thread handle 0xa11 state : interrupted state owns ()

"Threadpool worker" tid=0x0x10bb9d000 this=0x0x10b6b7af8 thread handle 0xa13 state : interrupted state owns ()
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Threading.WaitHandle.WaitOne_internal (System.Threading.WaitHandle,intptr,int,bool) <IL 0x0001c, 0xffffffff>
  at System.Threading.WaitHandle.WaitOne () [0x00015] in /Users/jeremie/mono/mono/mcs/class/corlib/System.Threading/WaitHandle.cs:361
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult) [0x00023] in /Users/jeremie/mono/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:428
  at Mono.Security.Protocol.Tls.RecordProtocol.ReceiveRecord (System.IO.Stream) [0x0000a] in /Users/jeremie/mono/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:442
  at Mono.Security.Protocol.Tls.SslStreamBase.InternalReadCallback (System.IAsyncResult) [0x00091] in /Users/jeremie/mono/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:677
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void__this___object (object,intptr,intptr,intptr) <IL 0x00052, 0xffffffff>

"<unnamed thread>" tid=0x0x7fff7f15f960 this=0x0x10a9f8ea0 thread handle 0xa03 state : waiting on 0xa0a : Event  owns ()
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Threading.WaitHandle.WaitOne_internal (System.Threading.WaitHandle,intptr,int,bool) <IL 0x0001c, 0xffffffff>
  at System.Threading.WaitHandle.WaitOne (int,bool) [0x00032] in /Users/jeremie/mono/mono/mcs/class/corlib/System.Threading/WaitHandle.cs:385
  at System.Net.WebAsyncResult.WaitUntilComplete (int,bool) [0x0000d] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebAsyncResult.cs:164
  at System.Net.HttpWebRequest.EndGetResponse (System.IAsyncResult) [0x0002e] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/HttpWebRequest.cs:892
  at System.Net.HttpWebRequest.GetResponse () [0x0000e] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/HttpWebRequest.cs:906
  at System.Net.WebClient.GetWebResponse (System.Net.WebRequest) [0x00000] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:1473
  at System.Net.WebClient.ReadAll (System.Net.WebRequest,object) [0x00000] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:905
  at System.Net.WebClient.DownloadDataCore (System.Uri,object) [0x0000a] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:256
  at System.Net.WebClient.DownloadData (System.Uri) [0x00024] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:244
  at System.Net.WebClient.DownloadString (string) [0x00011] in /Users/jeremie/mono/mono/mcs/class/System/System.Net/WebClient.cs:704
  at (wrapper remoting-invoke-with-check) System.Net.WebClient.DownloadString (string) <IL 0x00039, 0xffffffff>
  at Program.Main () [0x00007] in /Users/jeremie/mono/mono/1664.cs:8
  at (wrapper runtime-invoke) object.runtime_invoke_void (object,intptr,intptr,intptr) <IL 0x0004c, 0xffffffff>

Deadlock or sync bug?

Note You need to log in before you can comment on or make changes to this bug.