4

I'm running the mono branch build of DotNetOpenAuth and having problems with "No OpenID Endpoint Found" errors when trying to authenticate using Google, but I'm not sure how to diagnose them.

More info:

  • Running the same mono branch build under Windows works.
  • Authenticating with a local openid provider works fine (Windows and Linux).
  • Authenticating using myopenid works (maybe because it's not HTTPS like Google?)
  • Same Web.Config, binaries everything under Windows and Linux.
  • Have disabled the DNOA openid cacheDiscovery setting.
  • Have checked SSL works through firewall from the Linux machine (i.e. wget https://www.google.com works).
  • Have checked the apache error logs, no errors reported.

Any hints on how to diagnose this?

Follow up: still looking into this. As best I can tell, this is a Mono/SSL issue not related to DotNetOpenAuth. A simple SSL request from C# code fails with an "Invalid certificate received from server. Error code: 0xffffffff800b010a" exception.

Running mozroots under mono 2.4/ubuntu 9.10 desktop fixes the problem, but same mozroots command on mono 2.6/ubuntu 10.10 server doesn't help. I'm using this:

yes yes|sudo mozroots --import --machine

It says it imported the certificates, but a simple command line program to request https://www.google.com still fails.

Brad Robinson
  • two days on this. thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you!!! – Sean Sep 07 '11 at 01:43

2 Answers

3

You need to create an empty 'keypairs' directory alongside the 'certs' directory in the machine store:

  sudo mkdir /usr/share/.mono/keypairs

mozroots (and certmgr under the hood) don't create it, but without it the Mono runtime will refuse to make connections (and it cannot create it itself, as the machine store is writeable only by root; why it needs to create it and then leave it empty, I don't know).

tymtam
0

This is a hack answer, but at least I got it working...

Seems that the machine certificate store doesn't work in mono 2.6/ubuntu 10.10 server. Don't know why.

The fix is to import the mozroots root certificates into the www-data user certificate store. Since I couldn't figure out how to do that with the mozroots tool, I did it manually like this:

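sudo mkdir -p /var/www/.config/.mono/certs/Trust   # -p also creates the missing parent directories
sudo mkdir -p /var/www/.config/.mono/certs/CA
sudo cp -r /usr/share/.mono/certs/Trust/. /var/www/.config/.mono/certs/Trust/   # copy the contents of Trust; cp needs -r for a directory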

Now it works...

Brad Robinson
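
A check for the store layout that the two answers above describe, added here as an example (it is not code from either poster or from the Mono project). The function name `check_mono_store` and its return codes are this example's own; the paths it looks at are the ones quoted on this page.

```shell
#!/bin/sh
# Added example: report whether a Mono certificate store root has the layout
# described in the answers above. The function name and return codes are this
# example's own; the paths are the ones quoted on this page.
#
# check_mono_store ROOT
#   ROOT: a store root, e.g. /usr/share/.mono (machine store) or
#         /var/www/.config/.mono (www-data user store).
#   Returns 0 if nothing is missing, 1 if certs/Trust is missing or empty,
#   2 if keypairs is missing, 3 if both.
check_mono_store() {
    root=$1
    problems=0
    trust="$root/certs/Trust"

    if [ ! -d "$trust" ]; then
        echo "$root: certs/Trust does not exist"
        problems=1
    else
        # Count certificate files directly inside Trust (POSIX-safe loop).
        count=0
        for f in "$trust"/*; do
            if [ -f "$f" ]; then count=$((count + 1)); fi
        done
        echo "$root: $count file(s) in certs/Trust"
        if [ "$count" -eq 0 ]; then problems=1; fi
        # cp -r of the Trust directory onto an existing Trust nests it.
        if [ -d "$trust/Trust" ]; then
            echo "$root: nested certs/Trust/Trust found; certificates are one level too deep"
        fi
    fi

    # Per the first answer, the runtime expects this directory to exist.
    if [ ! -d "$root/keypairs" ]; then
        echo "$root: keypairs directory is missing"
        problems=$((problems + 2))
    fi
    return "$problems"
}

# Check every store root given on the command line, if any.
for r in "$@"; do
    check_mono_store "$r" || true
done
```

Run it with both store roots as arguments, as the account the web server runs under, so that unreadable directories show up as missing.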