Exception in ssl certificate code

Question

I made a client server socket connection with sslStream but there is a a exception on server when the code reaches to line AuthenticateAsServer I searched in internet but I couldn't find a good answer why it happens. I made the .pfx testfile in my project and made a simple password for it. I don't know the problem is from file or not.

the exception is in line: sslStream.AuthenticateAsServer(certificate);

basic exception is: a call to sspi failed

inner exception is: clientsThe client and server cannot communicate, because they do not possess a common algorithm

server is a little long and I add the part of code that exception happens and all of client code:

this is server:

 public void AcceptCallBack(IAsyncResult ar) 
        {
        //    clients.Add(new myClient(server.EndAccept(ar)));
        //    try
       //     {
                myClient c = new myClient();

               // Socket handle = (Socket)ar.AsyncState;
                TcpListener handle = (TcpListener)ar.AsyncState;
                byte[] buff=new byte[2048] ;
               // Socket hand = handle.EndAccept(out buff,ar);
                TcpClient hand = handle.EndAcceptTcpClient(ar);
                dowork.Set();
                c.tcp = hand;
                clients.Add(c);
               // hand.BeginReceive(c.buffer, 0, c.buffer.Length, SocketFlags.None, new AsyncCallback(receiveIDCallBack), c);
                using (SslStream sslStream = new SslStream(hand.GetStream()))
                {
                    sslStream.AuthenticateAsServer(certificate);
                    // ... Send and read data over the stream
                    sslStream.BeginWrite(buff,0,buff.Length,new AsyncCallback(sendCallBack),c);
                    count++;
                    sslStream.BeginRead(c.buffer,0,c.buffer.Length,new AsyncCallback(receiveIDCallBack),c);
                }
       //     }
         //   catch(Exception)
          //  {

         //   }
        }//end of acceptcallback function

this is client:

using UnityEngine;
using System.Collections;
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
public class sslCode : MonoBehaviour {


   // private Socket _clientSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
    private byte[] _recieveBuffer = new byte[8142];

   static string server = "127.0.0.1";
    TcpClient client;

    public string message;
    public string receive;
    public string send;
    private void SetupServer()
    {
        try
        {

           // client.Connect(new IPEndPoint(IPAddress.Parse("127.0.0.1"), 1500));
            client = new TcpClient(server,1500);
            message = "connected";
        }
        catch (SocketException ex)
        {
            Debug.Log(ex.Message);
            message = ex.Message;
        }

       // _clientSocket.BeginReceive(_recieveBuffer, 0, _recieveBuffer.Length, SocketFlags.None, new AsyncCallback(ReceiveCallback), null);
        // Create a secure stream
        using (SslStream sslStream = new SslStream(client.GetStream(), false,
            new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
        {
            sslStream.AuthenticateAsClient(server);

            // ... Send and read data over the stream
            sslStream.BeginRead(_recieveBuffer, 0, _recieveBuffer.Length, new AsyncCallback(ReceiveCallback),null);
        }

    }

    private bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        throw new NotImplementedException();
    }// end of setup server

    private void ReceiveCallback(IAsyncResult AR)
    {
        //Check how much bytes are recieved and call EndRecieve to finalize handshake
        using (SslStream sslStream = new SslStream(client.GetStream(), false,
       new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
        {
            sslStream.AuthenticateAsClient(server);
            // ... Send and read data over the stream


            int recieved = sslStream.EndRead(AR);

            if (recieved <= 0)
                return;

            //Copy the recieved data into new buffer , to avoid null bytes
            byte[] recData = new byte[recieved];
            Buffer.BlockCopy(_recieveBuffer, 0, recData, 0, recieved);

            //Process data here the way you want , all your bytes will be stored in recData

            receive = Encoding.ASCII.GetString(recData);

            //Start receiving again
            sslStream.BeginRead(_recieveBuffer, 0, _recieveBuffer.Length, new AsyncCallback(ReceiveCallback), null);
        }
    }// end of receiveCallBack

    private void SendData(string dd)
    {
        using (SslStream sslStream = new SslStream(client.GetStream(), false,
       new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
        {
          sslStream.AuthenticateAsClient(server);

            // ... Send and read data over the stream

            byte[] data = Encoding.ASCII.GetBytes(dd);
            SocketAsyncEventArgs socketAsyncData = new SocketAsyncEventArgs();
            socketAsyncData.SetBuffer(data, 0, data.Length);
           sslStream.BeginWrite(data,0,data.Length,new AsyncCallback(sendcallback),null);
            send = dd;
            sslStream.BeginRead(_recieveBuffer, 0, _recieveBuffer.Length, new AsyncCallback(ReceiveCallback), null);
        }
    }

    private void sendcallback(IAsyncResult ar)
    {

    }// end of send data

can this be problem of certificate file generated in vs or options of windows?

I searched a little more on internet and and I think there should be probability of algorithm mismatch that I use for my certificate file and what windows 8.1 can understand. i really don't know....

that algorithms that vs let me make for my certificate are "sha256RSA" and "sha1RSA" thanks for your help

Answer 1

i made the .pfx testfile in my project

That's a Big Red Flag. Without knowing anything about the tools you use, the best guess is that you created a signing certificate. It is not suitable for key exchange. A failure-mode covered by this blog post.

Without knowing anything about your OS, I'd have to guess that you use Linux. In which case this question ought to be helpful. If that's a wrong guess then help yourself by googling "create self signed ssl certificate, add the appropriate keywords to select your OS and/or tool chain.

Answer 2

thank you my friends, i finally could find my problem.

the code needed a little edit but the main problem wasnt the code.

the problem was from the way certificate files work. i just had generated a pfx file and gave its address to code below:

sslStream.AuthenticateAsServer(server);

but now i made the pfx format in internet options and imported it to personal section, after that exported it to trusted root section, so cer format of that pfx file will be generateed that only contains the public key of that pfx file.

so right now code runs very well.