Secure socket connection (SslStream)

Hey

Is there any example of how to use the SslStream for secure socket connections? My first attempts have all resulted in:

    #### Exception System.InvalidOperationException - CLR_E_INVALID_OPERATION (1) ####
    #### Message: 
    #### GHIElectronics.TinyCLR.Devices.Network.Provider.NetworkControllerApiWrapper::AuthenticateAsClient [IP: 0000] ####
    #### System.Net.Security.SslStream::AuthenticateAsClient [IP: 0016] ####
    #### System.Net.Security.SslStream::AuthenticateAsClient [IP: 0009] ####
    #### System.Net.Security.SslStream::AuthenticateAsClient [IP: 0008] ####
    #### Network.SocketTls::OpenSocketTLS [IP: 0051] ####
    #### Cleverhouse.Program::Main [IP: 001a] ####

    Exception thrown: 'System.InvalidOperationException' in GHIElectronics.TinyCLR.Devices.Network.dll
    An unhandled exception of type 'System.InvalidOperationException' occurred in GHIElectronics.TinyCLR.Devices.Network.dll

  • Am I supposed to open the socket connection first and then call AuthenticateAsClient(), or just create the SslStream and call AuthenticateAsClient()?

  • Is the SslStream the correct way to create a secure socket connection? The documentation shows how to use https but is lacking examples of secure socket support.

  • Is TLS 1.3 the default? Because the enum within the SslStream does not contain a definition for TLS 1.3, but the documentation TLS Client states TLS 1.3 is supported.

Default is 1.2

Make sure the certificate is a root certificate.

Also, make sure:

  • System time is up to date. Some servers fail handshaking if the date is not set up (default when not set up is 1970 or something like that).
  • For Azure, make sure key is still valid (usually 1 day… 365 days…)
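
The two checks from the reply above (root certificate, device clock), as an added example that is not part of the original thread: a desktop .NET pre-flight for a CA certificate before it is embedded in firmware. It does not run on TinyCLR; the class name `CaCertPreflight` and the generated sample certificate are constructed for illustration.

```csharp
// Added example for desktop .NET (not TinyCLR device code, not from the thread).
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CaCertPreflight
{
    // Returns the reasons a client trusting only this certificate, and running
    // with the given clock, should be expected to fail certificate validation.
    public static string[] Check(X509Certificate2 cert, DateTime deviceClockUtc)
    {
        var problems = new List<string>();

        // A root certificate is self-issued: subject and issuer are the same name.
        if (!string.Equals(cert.Subject, cert.Issuer, StringComparison.Ordinal))
            problems.Add("not a root certificate (issuer: " + cert.Issuer + ")");

        // NotBefore/NotAfter are reported in local time, so compare in UTC.
        if (deviceClockUtc < cert.NotBefore.ToUniversalTime())
            problems.Add("device clock is earlier than NotBefore (" + cert.NotBefore.ToUniversalTime().ToString("u") + ")");
        if (deviceClockUtc > cert.NotAfter.ToUniversalTime())
            problems.Add("certificate expired at " + cert.NotAfter.ToUniversalTime().ToString("u"));

        return problems.ToArray();
    }

    static void Report(string label, string[] problems) =>
        Console.WriteLine(label + ": " + (problems.Length == 0 ? "ok" : string.Join("; ", problems)));

    static void Main()
    {
        // Constructed sample: a self-signed certificate generated in memory,
        // standing in for the certificate that would be embedded on the device.
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=DESKTOP-M8M6H10", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using X509Certificate2 cert = request.CreateSelfSigned(now.AddDays(-1), now.AddDays(365));

        // Same certificate, two clocks: a set RTC and the unset 1970 default.
        Report("RTC set to current time", Check(cert, DateTime.UtcNow));
        Report("RTC left at 1970 default",
            Check(cert, new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)));
    }
}
```

To check a real certificate instead of the generated one, load it with `new X509Certificate2(path)` and pass it to `Check` together with the time the device's RTC actually reports.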

My server is an ASP.net web app with a self-signed certificate.

  • RTC has been set within a few minutes of current date

  • My server works with another console app as client.

  • It appears that on the server the AuthenticateAsServer() succeeds but the SCM20260E keeps throwing:

    #### Exception System.InvalidOperationException - CLR_E_INVALID_OPERATION (1) ####
    #### Message: 
    #### GHIElectronics.TinyCLR.Devices.Network.Provider.NetworkControllerApiWrapper::AuthenticateAsClient [IP: 0000] ####
    #### System.Net.Security.SslStream::AuthenticateAsClient [IP: 0016] ####
    #### System.Net.Security.SslStream::AuthenticateAsClient [IP: 0009] ####
    #### System.Net.Security.SslStream::AuthenticateAsClient [IP: 0008] ####
    #### Network.SocketTls::OpenSocketTLS [IP: 0049] ####
    #### Cleverhouse.Program::Main [IP: 001e] ####
    Exception thrown: 'System.InvalidOperationException' in GHIElectronics.TinyCLR.Devices.Network.dll
    System.InvalidOperationException: Exception was thrown: System.InvalidOperationException

Client code:

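    using System.Net;
    using System.Net.Security;
    using System.Net.Sockets;
    using System.Security.Cryptography.X509Certificates;

    public void OpenSocketTLS(string serverAddress, int port)
    {
      InitClock(); // helper defined elsewhere in the poster's project
      IPAddress ip = IPAddress.Parse(serverAddress);

      // Load the certificate from the project's embedded resources.
      byte[] certificates = Certs.GetBytes(Certs.BinaryResources.forController);
      X509Certificate[] certx509CA = new X509Certificate[] { new X509Certificate(certificates) };

      // Open the plain TCP connection first, then wrap the connected socket in an SslStream.
      _socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
      _socket.Connect(new IPEndPoint(ip, port));
      SslStream socketStream = new SslStream(_socket);

      // TLS handshake: target host name plus the certificate loaded above.
      socketStream.AuthenticateAsClient("DESKTOP-M8M6H10", certx509CA[0]);
    }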

Nvm, managed to get it to work.
