Client Certificate does not work on .NET 6.0 on MacOS #80490
Comments
|
Tagging subscribers to this area: @dotnet/ncl, @vcsjones Issue DetailsDescriptionWhen I make a simple https call with HttpClient using a Client certificate, I get this error: <html> <head><title>400 The SSL certificate error</title></head> <body> <center><h1>400 Bad Request</h1></center> <center>The SSL certificate error</center> <hr><center>nginx</center> </body> </html>The tricky part is that this ONLY happens if:
Reproduction Steps
I wrote some code that reproduces the problem, but might be tricky since I cannot share the API I am pointing to: const string url = "https://myservice";
const string path = "myendpoint";
var fileData = File.ReadAllBytes("/some/certificate.p12");
var certificate = new X509Certificate2(fileData, "the_cert_password");
var handler = new HttpClientHandler
{
ClientCertificateOptions = ClientCertificateOption.Manual
};
handler.ClientCertificates.Add(certificate);
var httpClient = new HttpClient(handler)
{
BaseAddress = new Uri(url)
};
var httpMessage = new HttpRequestMessage
{
Content = new StringContent("{}", Encoding.UTF8, "application/json"),
Method = HttpMethod.Post,
RequestUri = new Uri($"{httpClient.BaseAddress}{path}")
};
var result = await httpClient.SendAsync(httpMessage);
var content = await result.Content.ReadAsStringAsync();
Console.WriteLine(content);Expected behaviorTo be properly authenticated and get a valid response from the server Actual behavior<html> <head><title>400 The SSL certificate error</title></head> <body> <center><h1>400 Bad Request</h1></center> <center>The SSL certificate error</center> <hr><center>nginx</center> </body> </html>Regression?No response Known WorkaroundsUse .NET Core 3.1 or .NET 7.0 (not valid on my situation though) Configuration.NET 6.0.9 Other informationNo response
|
wfurt
added
os-mac-os-x
|
This issue has been marked |
|
Moving to 7.0 is not an option in my case, since it is not LTS, would have to move back to 3.1 and I REALLY want to avoid that. |
ghost
added
needs-further-triage
|
To see if the issue is really dup of #66537 you should get packet captures of the handshake with Wireshark. Server will send "CertificateRequest" and client will send 0 or more certificates as response. 3.1 is out of support. You can try to convince @karelz but the servicing decision is really out of our hands. |
|
Sorry if the information is shallow, but yes, I see clear differences between the certificate packages sent by my client, depending on the .NET version .NET 6 seems to send 1 certificate less, so I guess that this makes it a duplicate of #66537? 6.0 looks like: 3.1 looks like: |
Yes. We will see if this meets the bar for servicing and update this issue later. |
karelz
removed
the
needs-further-triage
|
can you somehow quantify the impact @lucaslra? We will need some justification for servicing approval. You can send me details to my GH email. |
|
@lucaslra any details on the impact? Without additional info we won't be able to service it. |
|
@lucaslra ping? |
|
Missing details on impact - no response for 1 month. Closing. |
Description
When I make a simple https call with HttpClient using a Client certificate, I get this error:
The tricky part is that this ONLY happens if:
Reproduction Steps
I wrote some code that reproduces the problem, but might be tricky since I cannot share the API I am pointing to:
Expected behavior
To be properly authenticated and get a valid response from the server
Actual behavior
Regression?
No response
Known Workarounds
Use .NET Core 3.1 or .NET 7.0 (not valid on my situation though)
Configuration
.NET 6.0.9
MacOS Ventura 13.0.1
x64
Other information
No response
The text was updated successfully, but these errors were encountered: