
I am trying to make an SSL connection between a client in a Xamarin app (on an iOS device) and a remote server listening for SSL connections. The thing is that my server is not correctly authenticating the client certificate. I have added server.pfx and client.pfx to the trusted certificates on my iPhone; should I try to add both the client and server certificates to the trusted certificates on my Ubuntu server too?

Client-side code:

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

try
{
    // Establish a TCP connection to the server
    var client = new TcpClient("...", 443);

    // Create an SslStream over the TCP connection
    var sslStream = new SslStream(client.GetStream(), false);

    // Authenticate the client with the server using a client SSL/TLS certificate, if necessary
    X509Certificate2 clientCertificate = new X509Certificate2("client.pfx", "root");

    Console.WriteLine($"[X509] Certificate subject: {clientCertificate.Subject}\n");

    X509Certificate2Collection collection = new X509Certificate2Collection();
    collection.Add(clientCertificate);

    Console.WriteLine($"[X509] Number of certs: {collection.Count}\n");

    // Target host, client certificates, allowed protocol, no revocation check
    await sslStream.AuthenticateAsClientAsync("...", collection, SslProtocols.Tls12, false);
    // ...
}
catch (Exception ex)
{
    Console.WriteLine($"Error: {ex}");
}
```

Server-side code:

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// listener, port, ipAddress and serverCertificate are set up before this loop (not shown)
while (true)
{
    var client = listener.AcceptTcpClient();
    var clientEndpoint = client.Client.RemoteEndPoint as IPEndPoint;

    if (clientEndpoint != null)
    {
        var clientIp = clientEndpoint.Address.ToString();
        Console.WriteLine($"[TCP]Client connected from IP address: {clientIp}");
    }
    else
    {
        Console.WriteLine("No client connected");
    }

    Console.WriteLine($"[TCP] Listening on port: {port}, ipaddr: {ipAddress}. Client availability:" + $"{client.Available}. ");

    // Wrap the stream with an SSL stream
    SslStream sslStream = new SslStream(client.GetStream(), false);

    try
    {
        // Authenticate as server: present serverCertificate, require a client certificate,
        // allow only TLS 1.2, no revocation check
        sslStream.AuthenticateAsServer(serverCertificate, true, SslProtocols.Tls12, false);
        // ...
    }
    catch (Exception ex)
    {
        Console.WriteLine($"Error: {ex}");
    }
}
```

Error that appears in server-side logs:

[TCP]Client connected from IP address: ... [TCP] Listening on port: 443, ipaddr: .... Client availability:0. Error: System.IO.IOException: Received an unexpected EOF or 0 bytes from the transport stream. at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](CancellationToken cancellationToken) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken) at System.Net.Security.SslStream.AuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthenticationOptions) at Program.Main(String[] args) in /root/keyexchange_tfgraul/Program.cs:line 55

Client error log:

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Security.Interface.TlsException: CertificateUnknown at Mono.AppleTls.AppleTlsContext.EvaluateTrust () [0x000bf] in /Library/Frameworks/Xamarin.iOS.framework/Versions/Current/src/Xamarin.iOS/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:306 at Mono.AppleTls.AppleTlsContext.ProcessHandshake () [0x00075] in /Library/Frameworks/Xamarin.iOS.framework/Versions/Current/src/Xamarin.iOS/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:213 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in /Library/Frameworks/Xamarin.iOS.framework/Versions/Current/src/Xamarin.iOS/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:715 at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/Current/src/Xamarin.iOS/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:289 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in /Library/Frameworks/Xamarin.iOS.framework/Versions/Current/src/Xamarin.iOS/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:223 --- End of inner exception stack trace ---

Any idea?

Any help is welcome, R.

Raul
  • Are there any client side logs? What code follows that in the client side? – Charlieface Mar 28 '23 at 01:44
  • You can refer to Apple's official thread: [How to get client certificate from application](https://developer.apple.com/forums/thread/120463), official document: [Handling an Authentication Challenge](https://developer.apple.com/documentation/foundation/url_loading_system/handling_an_authentication_challenge), to see if it inspires you – Zack Mar 28 '23 at 01:55
  • I tried to install the .pfx certificates from server and client on my iPhone device. I also added them on my Ubuntu 20.04 server into /usr/local/share/ca-certificates and ran update-ca-certificates -f to trust my self-signed certificates in .pfx format. Nothing worked. – Raul Mar 28 '23 at 19:16
  • I've added the client and server logs to the main issue for when authentication is happening in my C# programs (both the Xamarin app and the dotnet console program). – Raul Mar 28 '23 at 19:20
  • Looks like the server doesn't recognize the client's certificate, is it self-signed? – Charlieface Mar 28 '23 at 22:53
  • Yes, it is self-signed. – Raul Mar 30 '23 at 10:02
  • I do not know how to add my self-signed cert to trust-store of my ubuntu server. – Raul Mar 30 '23 at 10:03
  • You can try to ignore the certificate validation check, refer to the answer in the thread ["Xamarin PCL self signed certificate for Android and IOS"](https://stackoverflow.com/questions/46095705/xamarin-pcl-self-signed-certificat-for-android-and-ios#:~:text=You%20can%20use%20ServicePointManager%20to%20ignore%20the%20certificate%20validation%20check.). – Zack Apr 06 '23 at 01:14
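The logs above show the iOS client aborting the handshake because it cannot evaluate trust in the server's self-signed certificate (CertificateUnknown), which the server then sees as an unexpected EOF. Rather than ignoring validation, both sides can pin trust to a known anchor. The following is an added example, not code from the question or its comments; it assumes .NET 5+ on both ends (X509ChainTrustMode.CustomRootTrust is not available on legacy Mono/Xamarin.iOS) and a constructed file ca.crt holding either the CA that issued server.pfx and client.pfx or, if each is self-signed, the peer's own public certificate.

```csharp
using System;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Added example: mutual TLS with trust pinned to a private anchor (ca.crt is a constructed name).
static class MutualTlsTrust
{
    // Builds a validation callback that accepts only certificates chaining to trustAnchor.
    // This replaces the system trust store for this connection; it does not disable validation.
    public static RemoteCertificateValidationCallback PinnedTo(X509Certificate2 trustAnchor)
    {
        return (sender, cert, chain, errors) =>
        {
            if (cert is null) return false;                        // peer presented no certificate
            if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
                return false;                                      // hostname mismatch is still fatal

            using var leaf = new X509Certificate2(cert);
            using var check = new X509Chain();
            check.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            check.ChainPolicy.CustomTrustStore.Add(trustAnchor);   // only this anchor is trusted
            check.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // private CA, no CRL/OCSP
            return check.Build(leaf);                              // true only if it chains to the anchor
        };
    }

    // Server side: present serverCert, demand a client certificate, validate it against the anchor.
    public static SslServerAuthenticationOptions ServerOptions(X509Certificate2 serverCert, X509Certificate2 anchor) =>
        new SslServerAuthenticationOptions
        {
            ServerCertificate = serverCert,
            ClientCertificateRequired = true,
            RemoteCertificateValidationCallback = PinnedTo(anchor),
            EnabledSslProtocols = SslProtocols.Tls12,
        };

    // Client side: offer clientCert, validate the server certificate against the anchor.
    public static SslClientAuthenticationOptions ClientOptions(string host, X509Certificate2 clientCert, X509Certificate2 anchor) =>
        new SslClientAuthenticationOptions
        {
            TargetHost = host,                                     // must match the server cert's SAN/CN
            ClientCertificates = new X509Certificate2Collection(clientCert),
            RemoteCertificateValidationCallback = PinnedTo(anchor),
            EnabledSslProtocols = SslProtocols.Tls12,
        };
}
```

With `var anchor = new X509Certificate2("ca.crt");` loaded on each side, the server calls `sslStream.AuthenticateAsServer(MutualTlsTrust.ServerOptions(serverCertificate, anchor))` and the client calls `await sslStream.AuthenticateAsClientAsync(MutualTlsTrust.ClientOptions("...", clientCertificate, anchor))` in place of the overloads used above.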

0 Answers