SslStream

chad21mycoopers · July 11, 2013, 8:06pm

I have seen several older posts regarding SslStream. None of them seemed to have a conclusion. Since it has been awhile since the older posts I am looking for an update. I have created the socket and endpoint. Opened the connection and attempted authentication. I cannot get the authenticateasclient function to work. The authentication keeps failing. The server cert is the same name as the host. Any other ideas? Or does the gadget even support this?

Server side:
TcpClient client = listener.AcceptTcpClient();
SslStream sslStream = new SslStream(client.GetStream(), false, RemoteCertificateValidationCB);
sslStream.AuthenticateAsServer(ServerCertificate, false, SslProtocols.Default, true);

Client side:
Socket client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
IPEndPoint remoteEndPoint = new IPEndPoint(IPAddress.Parse(“xx.xx.xx.xx”), xxxx);
client.Connect(remoteEndPoint);
SslStream sslStream = new SslStream(client);
sslStream.AuthenticateAsClient(TCPserver, null, SslVerification.CertificateRequired, SslProtocols.Default);

chad21mycoopers · July 14, 2013, 9:39am

The exception is not much help.

A first chance exception of type ‘System.NotSupportedException’ occurred in Microsoft.SPOT.Net.Security.dll
A first chance exception of type ‘System.NotSupportedException’ occurred in System.Net.Security.dll
Exception was thrown: System.NotSupportedException.

Exception System.NotSupportedException - CLR_E_NOT_SUPPORTED (1)

Message:

Microsoft.SPOT.Net.Security.SslNative::SecureClientInit [IP: 0000]

Microsoft.SPOT.Net.Security.SslStream::Authenticate [IP: 0051]

Microsoft.SPOT.Net.Security.SslStream::AuthenticateAsClient [IP: 000c]

Microsoft.SPOT.Net.Security.SslStream::AuthenticateAsClient [IP: 000a]

chad21mycoopers · July 14, 2013, 11:06am

I’m using the FEZ Spider. I’m assuming that when you state:

Target -> Manage Device Key -> Update SSL Seed

I should be looking in the properties of the project. I’m using VS2010 Express and don’t see anything there referencing Target or Manage Device Key.

Looking at the description of the product it states:
Based on GHI Electronics EMX module Full TCP/IP Stack with SSL, HTTP, TCP, UDP, DHCP…so it must be supported.

…so I researched MFDeploy and see that it is a Microsoft program of itself. I will attempt to use MFDeploy tonight when I get back to the device. It looks like I need to select a certificate for the deployment. I’m I selecting the server certificate? I’m not using a client certificate.

Thanks for the quick reply too.

scardinale · July 14, 2013, 11:24am

@ chad21mycoopers. You update the SSL Seed on your Spider using MFDeploy.

chad21mycoopers · July 14, 2013, 11:33am

After some research I realize it is not part of VS but another program. It looks like I need to select a certificate for deployment. Do I need to select the server certificate? I’m not using a client certificate.

chad21mycoopers · July 14, 2013, 11:45am

I see now. It is in the dropdown menu. I was looking at the main window where there is a flag to “Use SSL” and set a certificate. I will give it a try tonight and provide an update. Thanks for the guidance.

chad21mycoopers · July 15, 2013, 10:51pm

Up and running guys. Thanks!

chad21mycoopers · July 16, 2013, 8:54am

There is not a difference. I thought that I choose both of them as the answer? I checked the box for #3. Thanks again.

Architect · July 16, 2013, 8:56am

@ chad21mycoopers - You can only mark one post as the answer. Previously marked will be “unmarked” automatically.