Bug 591064

Summary: Problems with HTTPS since update to Version 1.5
Product: [Novell Products] MonoTouch Reporter: Dirk Seeber <d.seeber>
Component: RuntimeAssignee: Geoff Norton <gnorton>
Status: RESOLVED FIXED QA Contact: Mono Bugs <mono-bugs>
Severity: Major    
Priority: P5 - None CC: d.seeber
Version: SVN   
Target Milestone: ---   
Hardware: Macintosh   
OS: Mac OS X 10.6   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 591516    
Bug Blocks:    

Description Dirk Seeber 2010-03-25 09:53:11 UTC 
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; de-de) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10

Since the update to MonoTouch 1.5 we have serious problems with HTTPS.

Until Version 1.4.7 we used the ServicePointManager.ServerCertificateValidationCallback to access HTTPS sites. But since Version 1.5 the callback handler doesn't get called. Instead we get the following Exception:

System.Net.WebException: Error writing request: The authentication or decryption has failed.  at System.Net.WebConnectionStream.WriteHeaders () [0x0003c] in /Developer/MonoTouch/Source/mcs/class/System/System.Net/WebConnectionStream.cs:653 at System.Net.WebConnectionStream.SetHeaders (System.Byte[] buffer) [0x00093] in /Developer/MonoTouch/Source/mcs/class/System/System.Net/WebConnectionStream.cs:622 at System.Net.HttpWebRequest.SendRequestHeaders (Boolean propagate_error) [0x00169] in /Developer/MonoTouch/Source/mcs/class/System/System.Net/HttpWebRequest.cs:1124, Error writing request: The authentication or decryption has failed.  

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Actual Results:  
System.Net.WebException: Error writing request: The authentication or decryption has failed.  at System.Net.WebConnectionStream.WriteHeaders () [0x0003c] in /Developer/MonoTouch/Source/mcs/class/System/System.Net/WebConnectionStream.cs:653 at System.Net.WebConnectionStream.SetHeaders (System.Byte[] buffer) [0x00093] in /Developer/MonoTouch/Source/mcs/class/System/System.Net/WebConnectionStream.cs:622 at System.Net.HttpWebRequest.SendRequestHeaders (Boolean propagate_error) [0x00169] in /Developer/MonoTouch/Source/mcs/class/System/System.Net/HttpWebRequest.cs:1124, Error writing request: The authentication or decryption has failed.  

Expected Results:  
Working HTTPS communication without exceptions.
Comment 1 Miguel de Icaza 2010-03-25 23:52:27 UTC 
In MonoTouch 1.5 we added a system that uses the device certificates instead of the previous setup where we basically bailed unless you had manually installed the certificates you trusted or you implicitly trusted all certificates with the callbacks (or you implemented your own validation).

Could you please share with me the https endpoint that is causing this problem?

As far as I can see in the code, if the iPhone stack determines that the certificate is invalid, it will still invoke your callback with the information and you can still say "This is ok".
Comment 2 Dirk Seeber 2010-03-26 13:06:08 UTC 
In our application we use two different URL's. The first one is "https://dev.a3000-filialapotheke.de/mobilecontrolling" and is working although the certificate is invalid. The validation handler gets called and the communication works well.

The second URL is "https://www.a3000-filialapotheke.de/MobileControlling" and there we're getting the described exceptions. Although the certificate is valid.

Hope that might help you.
Comment 3 Geoff Norton 2010-03-26 18:18:21 UTC 
The first url acts as expected, the second url isn't a regression, but a bug in mono's certificate parsing.
Comment 4 Gonzalo Paniagua Javier 2010-03-26 21:40:51 UTC 
I checked in a workaround in r154317 and the real bug has been entered a bug #591516.
Comment 5 Gonzalo Paniagua Javier 2010-04-07 05:23:55 UTC 
New bug to track is bug #594110
Comment 6 Geoff Norton 2010-04-28 19:05:54 UTC 
This is fixed in the next release.