Mono TLS1.2 problems - btls-cert-sync "Order not found"

Summary:

My company uses TargetProcess (TP) to track progress on open projects and we've created a relatively small bit of code that imports updates to TargetProcess. Currently, upon build submission, we spin up a Debian Docker image, with Mono pre-installed, and it runs our small .NET (C#) program to connect our updates to TP.

Repro:

It appears TP recently updated their API to only accept TLS1.2 connections, so we had to create a new Docker image with Mono 4.8, the Alpha channel, on it (per this article). The program still doesn't work out of the box with this new Mono installation on a Docker image, so we took a few steps (following the prompting from Mono's Security FAQ):

# Made sure that the most current version of ca-certificates-mono is installed,
# and it seems to have been installed upon installation of Mono 4.8
apt-get install ca-certificates-mono

# This should be an unnecessary step from what I read, but ran it anyway
cert-sync /etc/ssl/certs/ca-certificates.crt

# Lastly the btls-cert-sync command, but I can't seem to get it to not return
# "command not found" no matter where I try running it
btls-cert-sync

Testing:

There seems to be a really helpful thread on how to test if your certs are formatted correctly. After running this test command in my docker image, I'm still seeing the failure message below.

MONO_TLS_PROVIDER=btls csharp -e 'Console.WriteLine (new System.Net.WebClient ().DownloadString ("https://www.howsmyssl.com/").IndexOf ("1.2"))'

// error message
System.Net.WebException: Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED) ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSLroutines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED

Any help or advice to get our instance of mono to accept TLS1.2 connections would be awesome.


btls-cert-sync is a shell script for btls-cert-sync.exe.

Find btls-cert-sync.exe, normally installed in 4.8.0/lib/mono/4.8 and run it with mono:

mono btls-cert-sync.exe
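
The two steps in the answer above (find btls-cert-sync.exe, then run it with mono), written as a small shell helper. This is an added example, not part of the original answer; the function names and the /usr prefix in the usage comment are assumptions, and any extra arguments are passed through to the tool unchanged.

```shell
#!/bin/sh
# Added example: locate btls-cert-sync.exe under a Mono install prefix and
# run it with mono when the btls-cert-sync wrapper script is not on PATH.

# find_btls_cert_sync PREFIX...
# Prints the path of the first btls-cert-sync.exe found under any PREFIX
# (e.g. .../4.8.0/lib/mono/4.8/btls-cert-sync.exe); returns 1 if none exists.
find_btls_cert_sync() {
    for prefix in "$@"; do
        [ -d "$prefix" ] || continue
        # sort makes the pick deterministic if several profiles ship a copy
        hit=$(find "$prefix" -type f -name 'btls-cert-sync.exe' 2>/dev/null \
              | sort | head -n 1)
        if [ -n "$hit" ]; then
            printf '%s\n' "$hit"
            return 0
        fi
    done
    return 1
}

# run_btls_cert_sync PREFIX [ARGS...]
# Runs the located executable with mono, passing ARGS through untouched.
run_btls_cert_sync() {
    prefix=$1
    shift
    exe=$(find_btls_cert_sync "$prefix") || {
        echo "btls-cert-sync.exe not found under $prefix" >&2
        return 1
    }
    command -v mono >/dev/null 2>&1 || {
        echo "mono is not on PATH" >&2
        return 127
    }
    echo "running: mono $exe $*" >&2
    mono "$exe" "$@"
}

# Acts only when called with a prefix, e.g.:  sh sync-btls.sh /usr
# (/usr is an assumed install prefix; use the one your Mono package uses.)
if [ "$#" -gt 0 ]; then
    run_btls_cert_sync "$@"
fi
```

After it completes, re-run the MONO_TLS_PROVIDER=btls test command from the question to confirm the trust failure is gone.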