I developed a server application with C# .NET 4, and I am running into a problem when I try to connect to this server with mutually authenticated SSL communication. It works well with one-way authentication, but when I try to move to mutual authentication, the application raises the following exception:

 System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message or signature supplied for verification has been altered

At the beginning I thought it was a certificate problem on the client side, but when I try to connect the client to an openssl binary server (openssl.exe s_server --accept ...) it works well! I also tried to use the openssl binary in client mode to connect to my server (openssl.exe s_client --connect...) and I met the same problem. The function that raises the exception is sslStream.AuthenticateAsServer. Here is the code:

using System;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
using System.Windows.Forms;
using System.Security.Authentication;
using System.Net;
using System.Net.Sockets;

  ...
  TcpClient clientSocket = listener.AcceptTcpClient();
  if (clientSocket != null)
  {
      HandleClient(clientSocket);
  }
}

static void HandleClient(TcpClient client)
{
    // The validation callback is invoked with the client's certificate during the handshake.
    using (SslStream sslStream = new SslStream(client.GetStream(), false,
        new RemoteCertificateValidationCallback(ValidateClientCertificate), null))
    {
        X509Certificate2 serverCertificate = new X509Certificate2("ssl_server.p12", "toto");
        try
        {
            // Second argument (true) requires the client to present a certificate.
            sslStream.AuthenticateAsServer(serverCertificate, true, System.Security.Authentication.SslProtocols.Ssl3, false);
        }
        catch (Exception e)
        {
            // The AuthenticationException shown above is raised by the call in the try block.
        }
    }
}

I tried to use other constructors, but it's always the same result.

SslStream sslStream = new SslStream(client.GetStream(), false);
try
{
    sslStream.AuthenticateAsServer(serverCertificate, true, SslProtocols.Default, false);
    ...
}

I added the CA root to the store and I verified that it has been added with the X509Store class. I really don't know what to do; I changed the certificate's format (I tried .cer, pkcs12).

I also tried to find a similar situation with Google, but found nothing interesting. Any help or suggestion is welcome.
