I am trying to establish an SSL/TLS connection to my personal chat server.
My code snippet is as follows:
    public void StartAuthentication(XMPPConnection connection)
    {
        NetworkStream networkStream = new NetworkStream(connection._sock);
        _sslStream = new SslStream(networkStream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(ClientCertificateSelectionCallback));
        X509CertificateCollection collection = new X509CertificateCollection();
        collection.Add(new X509Certificate(@"D:\ca-certs\AddTrust_External_Root.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\America_Online_Root_Certification_Authority_1.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\AOL_Member_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Baltimore_CyberTrust_Root.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\CAcert_Class3.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\CAcert_Root.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Deutsche_Telekom_Root_CA_2.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\DigiCertHighAssuranceCA-3.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\DigiCertHighAssuranceEVRootCA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Entrust.net_2048.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Entrust.net_Secure_Server_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Equifax_Secure_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Go_Daddy_Class_2_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\GTE_CyberTrust_Global_Root.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Microsoft_Internet_Authority_2010.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Microsoft_Secure_Server_Authority_2010.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\StartCom_Certification_Authority.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Thawte_Premium_Server_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Thawte_Primary_Root_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\ValiCert_Class_2_VA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class3_Extended_Validation_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Verisign_Class3_Primary_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_International_Server_Class_3_CA.pem"));
        try
        {
            _sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
Now, after the program executes

    _sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);

the main thread blocks. Probably because of this, the SSL handshake does not start. Please tell me why the main thread blocks. Thanks.
I don't know much C#, but from the documentation of AuthenticateAsClient, it expects here the client certificates you use to authenticate yourself against the SSL server. These must have a private key, otherwise you cannot use them. But what you use as certificates are the trusted root certificates, which are used to check the certificate of the server and for which you don't have a private key.
Maybe you need to make yourself more familiar with the basics of SSL, e.g. who uses which certificates and why etc.
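
An added example (not part of the original question or answer) of the split the answer describes: the PEM files become a trust set consulted while validating the server, and the client-certificate argument stays empty. It assumes .NET 5 or later (for ImportFromPemFile and CustomRootTrust); the class and method names are hypothetical.

```csharp
using System.IO;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsClientSketch   // hypothetical name, not from the original post
{
    // Load the PEM files as a trust set for checking the server, not as client certificates.
    public static X509Certificate2Collection LoadRoots(string dir)
    {
        var roots = new X509Certificate2Collection();
        foreach (string pem in Directory.GetFiles(dir, "*.pem"))
            roots.ImportFromPemFile(pem);
        return roots;
    }

    // Accept the server only if its name matches and its chain ends in one of our roots.
    static RemoteCertificateValidationCallback ValidateAgainst(X509Certificate2Collection roots)
    {
        return (sender, cert, sslChain, errors) =>
        {
            if (cert == null || errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
                return false;
            using var chain = new X509Chain();
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.AddRange(roots);
            if (sslChain != null)   // intermediates the server sent during the handshake
                foreach (X509ChainElement e in sslChain.ChainElements)
                    chain.ChainPolicy.ExtraStore.Add(e.Certificate);
            return chain.Build(new X509Certificate2(cert));
        };
    }

    public static SslStream Authenticate(Stream transport, string host, X509Certificate2Collection roots)
    {
        var ssl = new SslStream(transport, false, ValidateAgainst(roots));
        // Empty collection: this client presents no certificate. Anything placed here
        // must come with its private key, which is never the case for a CA root.
        // SslProtocols.None lets the operating system choose the protocol version.
        ssl.AuthenticateAsClient(host, new X509CertificateCollection(), SslProtocols.None, true);
        return ssl;
    }
}
```

With the names from the question, the call would be `TlsClientSketch.Authenticate(new NetworkStream(connection._sock), "lap-020.alumnus.co.in", TlsClientSketch.LoadRoots(@"D:\ca-certs"))`.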