Friday, November 20, 2009

Strange problem with certificates in mono (unsolved...)

I was testing GDocBackup on OpenSuse. GDocBackup runs on Windows but also on Linux + Mono.
As many other times, I got an error about authentication. No problem. The problem is related to SSL certificates. GDocBackup authenticates through an HTTPS connection, but Mono is shipped without many root certificates. Hence the error.
No problem: the solution is easy. Using mozroots I download all the root certificates. This solution has always worked. But today on OpenSuse I continue to get the error. :(
After a lot of tests and searching, it seems to be a problem with Mono. Some root certificates are not considered valid. One of them is the root certificate "on top" of www.google.com (the CA is the Equifax certificate authority).

A fast solution: add an "accept all" CertificatePolicy in GDocBackup.
    using System.Net;
    ...
    // Install the policy before the first HTTPS request is made.
    ServicePointManager.CertificatePolicy = new ByPassCheckCert();
    ...

    // Accepts every server certificate, whatever validation problem was reported.
    private class ByPassCheckCert : ICertificatePolicy
    {
        public bool CheckValidationResult(
            ServicePoint srvPoint,
            System.Security.Cryptography.X509Certificates.X509Certificate certificate,
            WebRequest request,
            int certificateProblem)
        {
            return true;
        }
    }

Using this policy, all HTTPS certificates are considered valid.

A note: ServicePointManager.CertificatePolicy is deprecated in .NET 2.0. You should use ServicePointManager.ServerCertificateValidationCallback. But Mono does not support it ("to be implemented").
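
A narrower alternative to the accept-all policy, as an added example that is not part of the original post: it uses the same ICertificatePolicy interface, but overrides a failed validation only when the certificate hash matches a value pinned for the requested host. The class name PinnedCertPolicy and the pin entry are assumptions; the hash is a placeholder to be replaced with one verified out of band.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Hypothetical class (added example): replaces "accept all" with
// "accept what the platform validates, plus explicitly pinned certificates".
public class PinnedCertPolicy : ICertificatePolicy
{
    // Host name -> SHA-1 certificate hash in hex, the format returned by
    // X509Certificate.GetCertHashString().
    // Placeholder value: put here the hash you verified out of band.
    private static readonly Dictionary<string, string> Pins =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "www.google.com", "<PINNED-SHA1-HEX-PLACEHOLDER>" }
        };

    public bool CheckValidationResult(
        ServicePoint srvPoint,
        X509Certificate certificate,
        WebRequest request,
        int certificateProblem)
    {
        // 0 means the runtime's own chain validation reported no problem.
        if (certificateProblem == 0)
            return true;

        // Validation failed: reject unless there is a pin for this exact host.
        if (certificate == null || request == null)
            return false;

        string expected;
        if (!Pins.TryGetValue(request.RequestUri.Host, out expected))
            return false;

        // Accept only the one certificate that was pinned for the host.
        return string.Equals(certificate.GetCertHashString(), expected,
                             StringComparison.OrdinalIgnoreCase);
    }
}

// Installed the same way as the policy above:
//   ServicePointManager.CertificatePolicy = new PinnedCertPolicy();
```

A pinned hash has to be updated whenever the server certificate is replaced; until then the request fails closed.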

This is not a good day.... :(

Some links:
  • http://code.google.com/p/google-gdata/issues/detail?id=238&can=1&q=certificate
  • https://bugzilla.novell.com/show_bug.cgi?id=495690
  • http://www.mail-archive.com/mono-list@lists.ximian.com/msg30929.html
  • https://bugzilla.novell.com/show_bug.cgi?id=495916