koobas.hobune.stream
Problems with TLS handshake
Hi, I am trying to connect to an API stream using a TcpClient and the SslStream from .NET, but I keep getting stuck with an error when I am about to authenticate client. I need a TCP connection since I want a http stream, and I need SSL since the API requires you to connect via HTTPS.
The interesting thing is that connecting to the TLS stream works with Curl on the same machine. Others have told me the problem might be that Unity/.NET does not have an updated CA for the certificate the API uses (letsencrypt). How do I solve this?
The error is:
TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: 4294938112
Mono.Unity.Debug.CheckAndThrow (Mono.Unity.UnityTls+unitytls_errorstate errorState, Mono.Unity.UnityTls+unitytls_x509verify_result verifyResult, System.String context, Mono.Security.Interface.AlertDescription defaultAlert) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Mono.Unity.UnityTlsContext.ProcessHandshake () (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
(wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus)
Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Mono.Net.Security.AsyncProtocolRequest+<ProcessOperation>d__24.MoveNext () (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
--- End of stack trace from previous location where exception was thrown ---
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () (at <695d1cc93cca45069c528c15c9fdd749>:0)
Mono.Net.Security.AsyncProtocolRequest+<StartOperation>d__23.MoveNext () (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Rethrow as AuthenticationException: A call to SSPI failed, see inner exception.
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () (at <695d1cc93cca45069c528c15c9fdd749>:0)
Mono.Net.Security.MobileAuthenticatedStream+<ProcessAuthentication>d__47.MoveNext () (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Rethrow as AggregateException: One or more errors occurred.
System.Threading.Tasks.Task.ThrowIfExceptional (System.Boolean includeTaskCanceledExceptions) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.Tasks.Task.Wait (System.Int32 millisecondsTimeout, System.Threading.CancellationToken cancellationToken) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.Tasks.Task.Wait () (at <695d1cc93cca45069c528c15c9fdd749>:0)
Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
System.Net.Security.SslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
HttpClient.RetrieveAisStream () (at Assets/Scripts/HttpClient.cs:166)
System.Threading.ThreadHelper.ThreadStart_Context (System.Object state) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.ExecutionContext.RunInternal (System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, System.Object state, System.Boolean preserveSyncCtx) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.ExecutionContext.Run (System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, System.Object state, System.Boolean preserveSyncCtx) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.ExecutionContext.Run (System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, System.Object state) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.ThreadHelper.ThreadStart () (at <695d1cc93cca45069c528c15c9fdd749>:0)
UnityEngine.<>c:<RegisterUECatcher>b__0_0(Object, UnhandledExceptionEventArgs)
My code looks like this:
System.Net.ServicePointManager.ServerCertificateValidationCallback = (message, cert, chain, sslPolicyErrors) => true;
using (TcpClient client = new TcpClient())
{
client.Connect("live.ais.barentswatch.no", 80);
using (SslStream stream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
{
try
{
stream.AuthenticateAsClient("live.ais.barentswatch.no", null, SslProtocols.Tls12, false);
}
catch (AuthenticationException e)
{
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
client.Close();
return;
}
continues...
and:
public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
print("Inside callback\n");
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
