Reputation: 425
I am using Unity3D and have tried to use the S3 .NET SDK, but I keep getting the error below:
TlsException: Invalid certificate received from server. Error code: 0xffffffff80092012
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates)
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 ()
My JavaScript code:
function Start()
{
    client = Amazon.AWSClientFactory.CreateAmazonS3Client(Conf.AWSAccessKey, Conf.AWSSecretKey);
    var response : ListBucketsResponse = client.ListBuckets();
}
I have searched a whole day and probably found the reason:
"It turns out that Mono installs with no root certs, so by default Mono refuses to trust any SSL-protected web services. The Mono Security FAQ has a couple suggestions for how to handle the issue."
I have tried the methods below:
mcs am1.cs
mono am1.exe https://www.amazonaws.com
When I run the compiled am1.exe, it gives me a lot of exception errors.
Use the mozroots.exe tool to download and install all Mozilla's root certificates.
C:\Program Files (x86)\Mono-2.6.7\lib\mono\1.0>mozroots --import --machine --sync
Although the output said the certs had been successfully imported, Unity3D still prompts "Invalid certificate received from server".
I have been working on this the whole day and can't get it solved. I hope someone can help me.
Upvotes: 4
Views: 2398
Reputation: 21
If you are using ASP in Mono, you need to download and install Mozilla's root certificates as the user www-data:
chown www-data /var/www/
sudo -u www-data mozroots --import --sync
Upvotes: 0
Reputation: 43543
0x80092012 occurs when the certificate could not be verified for revocation.
Since version 2.8, Mono will default to X509RevocationMode.NoCheck unless the MONO_X509_REVOCATION_MODE environment variable is set (in this case it will check for CRLs inside the certificate stores).
I don't know how recent your version of Unity3D is with respect to Mono itself. However, you should be able to use ICertificatePolicy or ServicePointManager.ServerCertificateValidationCallback to work around this issue. Simply disregard the 0x80092012 error code if it comes from a certificate issued to Amazon.
Upvotes: 1
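One way to scope the workaround described in the answer above, as an added example that is not part of the original answer: a ServerCertificateValidationCallback that tolerates only a failed revocation lookup, and only for hosts under .amazonaws.com. The class name and host suffix are hypothetical, and the code assumes the runtime passes the HttpWebRequest as sender and reports 0x80092012 as RevocationStatusUnknown or OfflineRevocation in chain.ChainStatus.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class ScopedRevocationPolicy   // hypothetical name
{
    // Assumption: every endpoint the S3 client contacts is under this suffix.
    const string TrustedSuffix = ".amazonaws.com";

    // The only chain problems tolerated: revocation status could not be obtained.
    const X509ChainStatusFlags Tolerated =
        X509ChainStatusFlags.RevocationStatusUnknown |
        X509ChainStatusFlags.OfflineRevocation;

    // Call once at startup, before the first HTTPS request.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;                      // normal validation succeeded

        // A name mismatch or a missing certificate is never acceptable.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || chain == null)
            return false;

        // Assumption: for HttpWebRequest traffic the sender is the request itself.
        HttpWebRequest request = sender as HttpWebRequest;
        if (request == null || !request.RequestUri.Host.EndsWith(
                TrustedSuffix, StringComparison.OrdinalIgnoreCase))
            return false;

        // Fail closed: at least one status must be present and every one
        // must consist solely of the tolerated revocation flags.
        bool sawRevocationFailure = false;
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            if ((status.Status & ~Tolerated) != X509ChainStatusFlags.NoError)
                return false;                 // expired, untrusted root, revoked, ...
            if (status.Status != X509ChainStatusFlags.NoError)
                sawRevocationFailure = true;
        }
        return sawRevocationFailure;
    }
}
```

Expired, revoked, untrusted-root and name-mismatch certificates are still rejected; only the "could not check revocation" condition is let through for the listed host suffix.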
Reputation: 9
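using System.Net;
using System.Security.Cryptography.X509Certificates;

// Accepts every server certificate, whatever validation problem was reported.
public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
    public TrustAllCertificatePolicy() {}

    // "problem" carries the validation error code; it is ignored here.
    public bool CheckValidationResult(ServicePoint sp,
                                      X509Certificate cert,
                                      WebRequest req,
                                      int problem)
    {
        return true;
    }
}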
So before establishing an HTTPS connection (either via WebRequest, WebServices or other) to a remote server, just call:
    System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
Enjoy
Upvotes: 0