
I created a server based on a TcpListener. Incoming connections are handled in parallel using the ThreadPool. The communication is mutually authenticated using SslStreams.

Currently, when a client calls

var sslStream = new SslStream(client.GetStream(),
                              false,                              // leaveInnerStreamOpen
                              this.ServerCertificateValidation,   // RemoteCertificateValidationCallback
                              (sender, host, collection, remote, issuers) => collection[0]); // LocalCertificateSelectionCallback

// this does not throw an exception, even if certCollection provides an invalid certificate...
sslStream.AuthenticateAsClient(Host, certCollection, SslProtocols.Tls, false);

using an invalid certificate (collection[0]), no exception is thrown, and sslStream.IsMutuallyAuthenticated, sslStream.IsSigned and sslStream.IsEncrypted all return true.

On the server side, calling

// second argument: clientCertificateRequired
sslStream.AuthenticateAsServer(this.Certificate, true, SslProtocols.Tls, false); // throws AuthenticationException as expected...

results in an AuthenticationException, just as expected.

How can I make the AuthenticateAsClient call throw an exception, as expected, when the client's certificate failed to validate on the server side? I would expect both calls, AuthenticateAsClient and AuthenticateAsServer, to throw the AuthenticationException, but it seems to only occur on the server. Or am I getting it wrong?

Maybe it has something to do with the parallelized client processing by the server. I guess the authentication is out of sync or something, but I don't know how to fix this issue.

nozzleman
  • Is your IIS configured so that the server requires client certificates? I think the default in SSL settings is to Accept, not Require. – Y.S Jan 29 '15 at 09:45
  • I am not using IIS, just `TcpListener` and `TcpClient`. The server (`AuthenticateAsServer`) expects clients to provide a certificate (second argument set to `true`). Validation callbacks are called, btw. – nozzleman Jan 29 '15 at 09:47
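The following is an added worked example, not the asker's code: a TcpListener/SslStream server that requires a client certificate and accepts it only if its thumbprint is on an allow-list, plus a client that completes AuthenticateAsClient and then waits for an application-level "OK" line before treating itself as accepted. Everything outside the question is an assumption of this example: it targets .NET 6 or later (CertificateRequest does not exist in .NET Framework 4.5), generates throwaway self-signed certificates in-process so it runs offline, pins the server certificate by thumbprint on the client, listens on an ephemeral loopback port, and uses SslProtocols.Tls12 instead of the question's SslProtocols.Tls (TLS 1.0), which current .NET marks obsolete. The "OK" confirmation is a made-up convention for the demo.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

// Added demo, not the asker's code. Assumes .NET 6+ (CertificateRequest is not in .NET Framework 4.5).
static class MutualTlsDemo
{
    const string ServerAuthEku = "1.3.6.1.5.5.7.3.1";
    const string ClientAuthEku = "1.3.6.1.5.5.7.3.2";

    // Self-signed test certificate generated in-process (so the sample runs offline).
    static X509Certificate2 SelfSigned(string cn, string eku)
    {
        using var key = RSA.Create(2048);
        var req = new CertificateRequest($"CN={cn}", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid(eku) }, false));
        using var ephemeral = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        // Round-trip through PFX: SslStream (SChannel on Windows) cannot use the ephemeral key directly.
        return new X509Certificate2(ephemeral.Export(X509ContentType.Pfx));
    }

    // Server: require a client certificate and accept it only if its thumbprint is on the allow-list.
    // The "OK" line is written only after AuthenticateAsServer succeeded, i.e. after the allow-list check.
    static async Task ServeOne(TcpListener listener, X509Certificate2 serverCert, HashSet<string> allowed)
    {
        using TcpClient conn = await listener.AcceptTcpClientAsync();
        bool ValidateClient(object s, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
            => cert != null && allowed.Contains(cert.GetCertHashString()); // pin; the test certs have no trusted chain
        using var ssl = new SslStream(conn.GetStream(), false, ValidateClient);
        try
        {
            await ssl.AuthenticateAsServerAsync(serverCert, clientCertificateRequired: true,
                                                SslProtocols.Tls12, checkCertificateRevocation: false);
        }
        catch (AuthenticationException)
        {
            return; // rejected by ValidateClient: close without "OK"; the client sees an alert or EOF
        }
        byte[] ok = Encoding.ASCII.GetBytes("OK\n");
        await ssl.WriteAsync(ok, 0, ok.Length);
    }

    // Client: returns (AuthenticateAsClient completed, server confirmed acceptance).
    static (bool handshakeDone, bool serverAccepted) Connect(int port, X509Certificate2 clientCert, string serverThumbprint)
    {
        using var tcp = new TcpClient();
        tcp.Connect(IPAddress.Loopback, port);
        bool ValidateServer(object s, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
            => cert != null && cert.GetCertHashString() == serverThumbprint; // pin the self-signed server cert
        using var ssl = new SslStream(tcp.GetStream(), false, ValidateServer,
                                      (sender, host, collection, remote, issuers) => collection[0]);
        try
        {
            ssl.AuthenticateAsClient("localhost", new X509Certificate2Collection(clientCert), SslProtocols.Tls12, false);
        }
        catch (AuthenticationException) { return (false, false); }
        try
        {
            // The handshake is complete from this side; the server's verdict only shows up here.
            return (true, new StreamReader(ssl, Encoding.ASCII).ReadLine() == "OK");
        }
        catch (IOException) { return (true, false); }             // alert or reset from the server
        catch (AuthenticationException) { return (true, false); }
    }

    static async Task Main()
    {
        var serverCert = SelfSigned("localhost", ServerAuthEku);
        var trusted = SelfSigned("trusted-client", ClientAuthEku);
        var rogue = SelfSigned("rogue-client", ClientAuthEku);   // well-formed, just not allow-listed
        var allowed = new HashSet<string> { trusted.Thumbprint };
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        foreach (var clientCert in new[] { trusted, rogue })
        {
            Task server = ServeOne(listener, serverCert, allowed);
            var (handshakeDone, serverAccepted) = Connect(port, clientCert, serverCert.Thumbprint);
            await server;
            Console.WriteLine($"{clientCert.Subject}: AuthenticateAsClient completed={handshakeDone}, server accepted={serverAccepted}");
        }
        listener.Stop();
    }
}
```

Run it as a console app (`dotnet run`). The design point: an SslStream server's RemoteCertificateValidationCallback is invoked by the .NET layer once the handshake loop has finished, so the peer has already received the server's Finished message and its AuthenticateAsClient has nothing to throw about; the rejection reaches the client only when its next read fails. A protocol that needs a definite answer should therefore wait for an explicit post-handshake confirmation, as the "OK" line does here, rather than relying on IsMutuallyAuthenticated, which reports that certificates were presented on both sides, not that the remote policy accepted yours. The same structure also makes the client's validation explicit: a ServerCertificateValidation callback that always returns true would silently disable server authentication, which is why the example pins the server thumbprint instead.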

0 Answers