c# - ClientWebSocket on Linux throws AuthenticationException (SSL)


I run the following WebSocket client code on Windows and it works fine, as expected. If the code is published for linux-arm and copied to a RaspberryPi3 (runs under Raspbian), it ends in an AuthenticationException.

The csproj file content:

    <PropertyGroup>
      <OutputType>Exe</OutputType>
      <TargetFramework>netcoreapp2.0</TargetFramework>
    </PropertyGroup>

    <ItemGroup>
      <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
      <PackageReference Include="System.Net.WebSockets.Client" Version="4.3.1" />
    </ItemGroup>

The connection attempt (the point where the exception is thrown):

    private readonly ClientWebSocket _socket;

    public ApiConnection()
    {
        _socket = new ClientWebSocket();
    }

    public async Task Connect()
    {
        // URI like: wss://example.com/ws
        await _socket.ConnectAsync(new Uri(_settings.WebSocketUrl), CancellationToken.None);

        if (_socket.State == WebSocketState.Open)
            Console.WriteLine("Connected.");
    }

The exception stack:

    System.Net.WebSockets.WebSocketException (0x80004005): Unable to connect to the remote server ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
       at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
       at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Net.WebSockets.WebSocketHandle.<ConnectAsyncCore>d__24.MoveNext()
       at System.Net.WebSockets.WebSocketHandle.<ConnectAsyncCore>d__24.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Net.WebSockets.ClientWebSocket.<ConnectAsyncCore>d__16.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.GetResult()

The target WebSocket server is running behind an nginx proxy on Ubuntu. I think the problem lies on the client, because if the code is executed on Windows it works fine.

I tried importing the CA certificate into Raspbian's "certificate store". No luck.

Update:
An HTTP connection (ws://) works on Linux. It seems the WebSocketClient didn't trust the Let's Encrypt cert?

This happens when the browser / client does not trust the SSL cert the server is throwing at it.

To test, load the same URL / a URL on the same site in a browser; you should get a warning.

When the cert issue is resolved, the warning will go away.

The exact process for resolving SSL cert issues is dependent on a lot of things ...

OS, web server, cert authority, cert provider's portal, so it's near impossible on here to give specifics on fixing cert issues; that said ...

There is a bit of generic advice on here on the SE network ...

https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list

https://unix.stackexchange.com/questions/17748/trust-a-self-signed-pem-certificate

In your case, Raspbian is based on Debian, so the standard Debian advice might ...

In Debian, the certificates stash is located in /etc/ssl/certs/. This directory contains by default a series of symlinks that point to the certificates installed by the ca-certificates package (including the needed symlinks generated by c_rehash(1)), and a ca-certificates.crt which is a concatenation of all these certificates. Everything is managed by the update-ca-certificates(8) command, which takes care of updating the symlinks and the ca-certificates.crt file.

Adding a new (CA) certificate to the stash is quite easy, as update-ca-certificates(8) is also looking for files in /usr/local/share/ca-certificates/: the administrator just has to place the new certificate in PEM format in this directory (with the .crt extension) and run update-ca-certificates(8) as root. All applications on the system (wget, …) should now trust it.

The other possible solution might be "I trust my code not to request bad URLs, so I'll ignore SSL cert errors" ...

C# Ignore certificate errors?

... that's not ideal, but it at least gives you a workaround until you can resolve the issue; worst case, you can still do the check by coding your own check instead of a blanket return true.

Final point:

I find that no matter the OS, doing a simple reboot or 2 in between tests / checks can clear out things you wouldn't consider an issue.
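
The "own check instead of a blanket return true" idea from the answer above, written out as an added example (not code from the original question or answer): a validation callback that still rejects host name mismatches and only accepts a chain that builds to one explicitly loaded CA. The class name `ExtraCaValidator` and the CA file path passed to it are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: trusts one extra CA without disabling validation.
public sealed class ExtraCaValidator
{
    private readonly X509Certificate2 _trustedCa;

    // caPath: PEM or DER file holding the CA certificate you decided to trust.
    public ExtraCaValidator(string caPath)
    {
        _trustedCa = new X509Certificate2(caPath);
    }

    // Signature matches System.Net.Security.RemoteCertificateValidationCallback.
    public bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // the system trust store already accepts the chain

        // Only an untrusted chain is negotiable. A host name mismatch or a
        // missing certificate is rejected outright.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || certificate == null)
            return false;

        using (var custom = new X509Chain())
        {
            custom.ChainPolicy.ExtraStore.Add(_trustedCa);
            if (chain != null) // reuse the certificates from the failed chain
                foreach (X509ChainElement element in chain.ChainElements)
                    custom.ChainPolicy.ExtraStore.Add(element.Certificate);
            custom.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;

            if (!custom.Build(new X509Certificate2(certificate)))
                return false; // expired, revoked, bad signature, ...

            // AllowUnknownCertificateAuthority accepts any root, so require
            // that the chain really ends at the CA we loaded.
            X509Certificate2 root =
                custom.ChainElements[custom.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(_trustedCa.RawData);
        }
    }
}
```

On .NET Core 2.1 or later, `new ExtraCaValidator(path).Validate` can be assigned to `socket.Options.RemoteCertificateValidationCallback` before calling `ConnectAsync`; that property was added in .NET Core 2.1, so the `netcoreapp2.0` target from the question would have to be raised to use it.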

