mono & IPv6

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

mono & IPv6

Rick Tillery
We're having problems getting IPv6 working with mono (5.0.1.1 on RHEL/CentOS).

I have IPv4 & IPv6 addresses for a test server. I can ping/ping6 both of these addresses. And I am able to use curl (wget not installed on the minimal headless machines we use for test) to download the HTML (after disabling trust check) using both addresses. 

To eliminate our code (which works on Winders), I borrowed some source from https://gist.github.com/bugchk/ec7b46ad9ee47a13e377f6994d961c0f to use instead:

using System;
using System.Net;

// Compile with "mcs wget.cs"

namespace wget
{
   class Program
   {
       static void Main(string[] args)
       {
           if (args.Length < 1 || args.Length > 2)
           {
               Console.WriteLine();
               Console.WriteLine(" Usage: wget.exe http://urltodownload.com/file.ext [output_path]");
               Console.WriteLine();
               Environment.Exit(-1);
           }

           var urlPath = args[0];
           var uriParts = urlPath.Split('/');
           var outputPath = args.Length >= 2 ? args[1] : uriParts[uriParts.Length - 1];

           using (var client = new WebClient())
           {
               // client.Credentials = new NetworkCredential("user", "password");
               try
               {
                   client.DownloadFile(urlPath, outputPath);
                   Environment.Exit(0);
               }
               catch(Exception ex)
               {
                   Console.WriteLine(ex.ToString());
                   Console.WriteLine(ex.Message);
                   Environment.Exit(-1);
               }
           }
       }
   }
}


Unfortunately, in our environment, they're are no http servers, only https. So I issues an IPv4 command like:

$ mono wget.exe https://10.192.100.50

Using just an IP address, the error below is expected (I tried a couple of methods to disable the trust check, but no joy), but it still indicates that the host was reached, which is all I'm trying to verify at this point.

System.Net.WebException: Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
 at /builddir/build/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132) ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
 at /builddir/build/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132
 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncProtocolRequest asyncRequest, Mono.Net.Security.AsyncOperationStatus status) [0x0002a] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (Mono.Net.Security.AsyncOperationStatus status) [0x0006b] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation () [0x0000d] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.StartOperation () [0x0003c] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.StartOperation (Mono.Net.Security.AsyncOperation operation) [0x00024] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x00057] in <1d7393d853954016b607e8e348b00ad1>:0
--- End of stack trace from previous location where exception was thrown ---
 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3753d1715b8842d8bb13a30db0388b60>:0
 at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x00078] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000c] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.Private.MonoSslStreamWrapper.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00006] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x0007b] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebConnection.CreateStream (System.Net.HttpWebRequest request) [0x00073] in <1d7393d853954016b607e8e348b00ad1>:0
  --- End of inner exception stack trace ---
 at System.Net.WebClient.DownloadFile (System.Uri address, System.String fileName) [0x000ad] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebClient.DownloadFile (System.String address, System.String fileName) [0x00016] in <1d7393d853954016b607e8e348b00ad1>:0
 at (wrapper remoting-invoke-with-check) System.Net.WebClient:DownloadFile (string,string)
 at wget.Program.Main (System.String[] args) [0x00061] in <24ce9e68afff4791842d98a8ce379a1e>:0
Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
 at /builddir/build/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132)


But, when I use the same command with an IPv4 address:

$ mono wget.exe https://[fe39:abcd:ef01:2345::c]

I get a failure to find the host.

System.Net.WebException: Error: ConnectFailure (No route to host) ---> System.Net.Sockets.SocketException: No route to host
 at System.Net.Sockets.Socket.Connect (System.Net.EndPoint remoteEP) [0x000b6] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebConnection.Connect (System.Net.HttpWebRequest request) [0x0016d] in <1d7393d853954016b607e8e348b00ad1>:0
  --- End of inner exception stack trace ---
 at System.Net.WebClient.DownloadFile (System.Uri address, System.String fileName) [0x000ad] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebClient.DownloadFile (System.String address, System.String fileName) [0x00016] in <1d7393d853954016b607e8e348b00ad1>:0
 at (wrapper remoting-invoke-with-check) System.Net.WebClient:DownloadFile (string,string)
 at wget.Program.Main (System.String[] args) [0x00061] in <24ce9e68afff4791842d98a8ce379a1e>:0
Error: ConnectFailure (No route to host)​


Any suggestions as to why IPv6 doesn't appear to be working through mono?

Rick

_______________________________________________
Mono-devel-list mailing list
[hidden email]
http://lists.dot.net/mailman/listinfo/mono-devel-list
Reply | Threaded
Open this post in threaded view
|

Re: mono & IPv6

Ludovic Henry (XAMARIN) via Mono-devel-list
Could you please try if you see the same issue with a more recent Mono from http://www.mono-project.com/download/stable/#download-lin-centos ?

- Alex

On 1 Mar 2018, at 17:09, Rick Tillery <[hidden email]> wrote:

We're having problems getting IPv6 working with mono (5.0.1.1 on RHEL/CentOS).

I have IPv4 & IPv6 addresses for a test server. I can ping/ping6 both of these addresses. And I am able to use curl (wget not installed on the minimal headless machines we use for test) to download the HTML (after disabling trust check) using both addresses. 

To eliminate our code (which works on Winders), I borrowed some source from https://gist.github.com/bugchk/ec7b46ad9ee47a13e377f6994d961c0f to use instead:

using System;
using System.Net;

// Compile with "mcs wget.cs"

namespace wget
{
   class Program
   {
       static void Main(string[] args)
       {
           if (args.Length < 1 || args.Length > 2)
           {
               Console.WriteLine();
               Console.WriteLine(" Usage: wget.exe http://urltodownload.com/file.ext [output_path]");
               Console.WriteLine();
               Environment.Exit(-1);
           }

           var urlPath = args[0];
           var uriParts = urlPath.Split('/');
           var outputPath = args.Length >= 2 ? args[1] : uriParts[uriParts.Length - 1];

           using (var client = new WebClient())
           {
               // client.Credentials = new NetworkCredential("user", "password");
               try
               {
                   client.DownloadFile(urlPath, outputPath);
                   Environment.Exit(0);
               }
               catch(Exception ex)
               {
                   Console.WriteLine(ex.ToString());
                   Console.WriteLine(ex.Message);
                   Environment.Exit(-1);
               }
           }
       }
   }
}


Unfortunately, in our environment, they're are no http servers, only https. So I issues an IPv4 command like:

$ mono wget.exe https://10.192.100.50

Using just an IP address, the error below is expected (I tried a couple of methods to disable the trust check, but no joy), but it still indicates that the host was reached, which is all I'm trying to verify at this point.

System.Net.WebException: Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
 at /builddir/build/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132) ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
 at /builddir/build/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132
 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncProtocolRequest asyncRequest, Mono.Net.Security.AsyncOperationStatus status) [0x0002a] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (Mono.Net.Security.AsyncOperationStatus status) [0x0006b] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation () [0x0000d] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.StartOperation () [0x0003c] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.StartOperation (Mono.Net.Security.AsyncOperation operation) [0x00024] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x00057] in <1d7393d853954016b607e8e348b00ad1>:0
--- End of stack trace from previous location where exception was thrown ---
 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3753d1715b8842d8bb13a30db0388b60>:0
 at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x00078] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000c] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.Private.MonoSslStreamWrapper.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00006] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x0007b] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebConnection.CreateStream (System.Net.HttpWebRequest request) [0x00073] in <1d7393d853954016b607e8e348b00ad1>:0
  --- End of inner exception stack trace ---
 at System.Net.WebClient.DownloadFile (System.Uri address, System.String fileName) [0x000ad] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebClient.DownloadFile (System.String address, System.String fileName) [0x00016] in <1d7393d853954016b607e8e348b00ad1>:0
 at (wrapper remoting-invoke-with-check) System.Net.WebClient:DownloadFile (string,string)
 at wget.Program.Main (System.String[] args) [0x00061] in <24ce9e68afff4791842d98a8ce379a1e>:0
Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
 at /builddir/build/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132)


But, when I use the same command with an IPv4 address:

$ mono wget.exe <a href="https://[fe39:abcd:ef01:2345::c" class="">https://[fe39:abcd:ef01:2345::c]

I get a failure to find the host.

System.Net.WebException: Error: ConnectFailure (No route to host) ---> System.Net.Sockets.SocketException: No route to host
 at System.Net.Sockets.Socket.Connect (System.Net.EndPoint remoteEP) [0x000b6] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebConnection.Connect (System.Net.HttpWebRequest request) [0x0016d] in <1d7393d853954016b607e8e348b00ad1>:0
  --- End of inner exception stack trace ---
 at System.Net.WebClient.DownloadFile (System.Uri address, System.String fileName) [0x000ad] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebClient.DownloadFile (System.String address, System.String fileName) [0x00016] in <1d7393d853954016b607e8e348b00ad1>:0
 at (wrapper remoting-invoke-with-check) System.Net.WebClient:DownloadFile (string,string)
 at wget.Program.Main (System.String[] args) [0x00061] in <24ce9e68afff4791842d98a8ce379a1e>:0
Error: ConnectFailure (No route to host)​


Any suggestions as to why IPv6 doesn't appear to be working through mono?

Rick
_______________________________________________
Mono-devel-list mailing list
[hidden email]
http://lists.dot.net/mailman/listinfo/mono-devel-list


_______________________________________________
Mono-devel-list mailing list
[hidden email]
http://lists.dot.net/mailman/listinfo/mono-devel-list
Reply | Threaded
Open this post in threaded view
|

Re: mono & IPv6

Rick Tillery
Wow, interesting. With 5.10.0.140, I am able to get the same trust failure with IPv6 as IPv4 (indicating a successful connection to the server).

Thanks again, Alex!

Rick

On Mar 1, 2018 10:23 AM, "Alexander Köplinger" <[hidden email]> wrote:
Could you please try if you see the same issue with a more recent Mono from http://www.mono-project.com/download/stable/#download-lin-centos ?

- Alex

On 1 Mar 2018, at 17:09, Rick Tillery <[hidden email]> wrote:

We're having problems getting IPv6 working with mono (5.0.1.1 on RHEL/CentOS).

I have IPv4 & IPv6 addresses for a test server. I can ping/ping6 both of these addresses. And I am able to use curl (wget not installed on the minimal headless machines we use for test) to download the HTML (after disabling trust check) using both addresses. 

To eliminate our code (which works on Winders), I borrowed some source from https://gist.github.com/bugchk/ec7b46ad9ee47a13e377f6994d961c0f to use instead:

using System;
using System.Net;

// Compile with "mcs wget.cs"

namespace wget
{
   class Program
   {
       static void Main(string[] args)
       {
           if (args.Length < 1 || args.Length > 2)
           {
               Console.WriteLine();
               Console.WriteLine(" Usage: wget.exe http://urltodownload.com/file.ext [output_path]");
               Console.WriteLine();
               Environment.Exit(-1);
           }

           var urlPath = args[0];
           var uriParts = urlPath.Split('/');
           var outputPath = args.Length >= 2 ? args[1] : uriParts[uriParts.Length - 1];

           using (var client = new WebClient())
           {
               // client.Credentials = new NetworkCredential("user", "password");
               try
               {
                   client.DownloadFile(urlPath, outputPath);
                   Environment.Exit(0);
               }
               catch(Exception ex)
               {
                   Console.WriteLine(ex.ToString());
                   Console.WriteLine(ex.Message);
                   Environment.Exit(-1);
               }
           }
       }
   }
}


Unfortunately, in our environment, they're are no http servers, only https. So I issues an IPv4 command like:

$ mono wget.exe https://10.192.100.50

Using just an IP address, the error below is expected (I tried a couple of methods to disable the trust check, but no joy), but it still indicates that the host was reached, which is all I'm trying to verify at this point.

System.Net.WebException: Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
 at /builddir/build/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132) ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
 at /builddir/build/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132
 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncProtocolRequest asyncRequest, Mono.Net.Security.AsyncOperationStatus status) [0x0002a] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (Mono.Net.Security.AsyncOperationStatus status) [0x0006b] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation () [0x0000d] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.StartOperation () [0x0003c] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.AsyncProtocolRequest.StartOperation (Mono.Net.Security.AsyncOperation operation) [0x00024] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x00057] in <1d7393d853954016b607e8e348b00ad1>:0
--- End of stack trace from previous location where exception was thrown ---
 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3753d1715b8842d8bb13a30db0388b60>:0
 at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x00078] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000c] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.Private.MonoSslStreamWrapper.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00006] in <1d7393d853954016b607e8e348b00ad1>:0
 at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x0007b] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebConnection.CreateStream (System.Net.HttpWebRequest request) [0x00073] in <1d7393d853954016b607e8e348b00ad1>:0
  --- End of inner exception stack trace ---
 at System.Net.WebClient.DownloadFile (System.Uri address, System.String fileName) [0x000ad] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebClient.DownloadFile (System.String address, System.String fileName) [0x00016] in <1d7393d853954016b607e8e348b00ad1>:0
 at (wrapper remoting-invoke-with-check) System.Net.WebClient:DownloadFile (string,string)
 at wget.Program.Main (System.String[] args) [0x00061] in <24ce9e68afff4791842d98a8ce379a1e>:0
Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
 at /builddir/build/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132)


But, when I use the same command with an IPv4 address:


I get a failure to find the host.

System.Net.WebException: Error: ConnectFailure (No route to host) ---> System.Net.Sockets.SocketException: No route to host
 at System.Net.Sockets.Socket.Connect (System.Net.EndPoint remoteEP) [0x000b6] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebConnection.Connect (System.Net.HttpWebRequest request) [0x0016d] in <1d7393d853954016b607e8e348b00ad1>:0
  --- End of inner exception stack trace ---
 at System.Net.WebClient.DownloadFile (System.Uri address, System.String fileName) [0x000ad] in <1d7393d853954016b607e8e348b00ad1>:0
 at System.Net.WebClient.DownloadFile (System.String address, System.String fileName) [0x00016] in <1d7393d853954016b607e8e348b00ad1>:0
 at (wrapper remoting-invoke-with-check) System.Net.WebClient:DownloadFile (string,string)
 at wget.Program.Main (System.String[] args) [0x00061] in <24ce9e68afff4791842d98a8ce379a1e>:0
Error: ConnectFailure (No route to host)​


Any suggestions as to why IPv6 doesn't appear to be working through mono?

Rick
_______________________________________________
Mono-devel-list mailing list
[hidden email]
http://lists.dot.net/mailman/listinfo/mono-devel-list


_______________________________________________
Mono-devel-list mailing list
[hidden email]
http://lists.dot.net/mailman/listinfo/mono-devel-list