1

I am trying to establish a connection to Apple's APNS Service. I am running Mono on Ubuntu. The code being used to make the connection works in a Windows environment with no issue. The code is part of an NT Service (system process), not a web site or service.

Here is some information on the environment: Ubuntu 12.10. Mono 3.0.5. Using Mono's Certmgr:

  • I installed the APNS Certificate in the Mono machine cert store (MY).
  • I installed the APNS Certificate private key in the Mono machine cert store (keypairs).
  • I installed the Entrust.net Certification Authority (2048) Root Certificate in the Mono machine cert store (TRUST).
  • I installed the Entrust Certification Authority - 1LC Intermediate Certificate in the Mono machine cert store (CA).

Telnet is able to reach gateway.push.apple.com:2195. I am debugging the code in MonoDevelop. MonoDevelop is running as Root (gksudo).

Here is the error I am receiving:

System.IO.IOException: The authentication or decryption has failed. --->
Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 }

Here is the code I am using to establish the connection:

m_client = new TcpClient("gateway.push.apple.com", 2195);
m_ssl = new SslStream(m_client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
m_ssl.AuthenticateAsClient("gateway.push.apple.com", m_certColl, System.Security.Authentication.SslProtocols.Tls, false);

More information from the debugger:

m_certColl contains 1 Certificate, the APNS Certificate, as it should. I confirmed in the debugger that the public key and private key are both being populated. The RemoteCertificateValidationCallback returns NO SslPolicyErrors. I can confirm that the chain includes 3 certificates. 1 containing Apple's public key for gateway.push.apple.com, 1 containing Entrust's Intermediate Certificate, and 1 containing Entrust's Root Certificate.

I've double and triple checked everything, and I just don't know where to go from here. Any help would be very appreciated!

user1585458
  • 31
  • 4

1 Answers1

0

Figured this out. It turns out Windows and Mono (at least on Linux) behave differently when it comes to AuthenticateAsClient. Based on your certificate chain, Windows will make a "best guess" as to what Certificate to use when authenticating (since the APNS Certificate is the only cert in the chain, that's an easy guess)

Mono will not "guess" at all. You must specify the certificate using the LocalCertificateSelectionCallback. You cannot leave it "null" as I did

user1585458
  • 31
  • 4