Azure / DotNetty

DotNetty project – a port of netty, event-driven asynchronous network application framework

Exceptions raised in UserCertificateValidationCallback in SslStream are swallowed #235

Closed DOliana closed 6 years ago

DOliana commented 7 years ago

I just got to know DotNetty and so far I like it very much. Right now I would like to use it for a project where the clients are required to authenticate by a certificate - so only TLS-Connections from clients with specific certificates are allowed.

For this I used this code for the bootstrap:

bootstrap
.Group(bossGroup, workerGroup)
.Channel<TcpServerSocketChannel>()
.Option(ChannelOption.SoBacklog, 100)
.ChildHandler(new ActionChannelInitializer<ISocketChannel>(channel =>
{
    IChannelPipeline pipeline = channel.Pipeline;
    if (tlsCertificate != null)
    {
        TlsSettings settings = new ServerTlsSettings(
            certificate: tlsCertificate,
            negotiateClientCertificate: true,
            checkCertificateRevocation: false,
            enabledProtocols: SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12);
        var handler = new TlsHandler(stream => new SslStream(stream, true, ValidateClientCertificate), settings);
        pipeline.AddLast(handler);
        pipeline.AddLast(new MyHandler());
    }
}));

and, for testing, this callback:

private static bool ValidateClientCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    return false;
}

The thing is that nothing happens when the client is not authenticated. The MyHandler instance still exists but just does not receive any messages. When I connect with a client, it is able to connect without any problems and is also able to send data (even though it is never received).

BTW: for testing, the Telnet.Server project from the examples can be used.
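The behaviour reported above (a failed or throwing RemoteCertificateValidationCallback leaves the channel open but silent) is easier to diagnose if the validation callback never throws and the pipeline explicitly observes the handshake outcome. The following is an added example written for this issue; it is not code from the DotNetty project or from the issue author. It assumes DotNetty's TlsHandler publishes a TlsHandshakeCompletionEvent (with IsSuccessful and Exception members) through UserEventTriggered, that the pinned thumbprint value is a constructed placeholder, and that MyHandler is the reporter's own handler from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using DotNetty.Handlers.Tls;
using DotNetty.Transport.Channels;

// Added example, not DotNetty project code.
public static class ClientCertificatePolicy
{
    // Constructed placeholder thumbprint; replace with the thumbprints of the client
    // certificates you actually issue. Pinning by thumbprint means only those exact
    // certificates are accepted, regardless of which CA signed them.
    static readonly HashSet<string> AllowedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "0000000000000000000000000000000000000000", // placeholder, not a real certificate
        };

    // RemoteCertificateValidationCallback. An exception thrown from here is not surfaced
    // to the channel pipeline (the problem this issue reports), so every failure path
    // returns false and logs its reason instead of throwing.
    public static bool ValidateClientCertificate(
        object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        try
        {
            // negotiateClientCertificate only asks for a certificate; a client that sends
            // none reaches this callback with a null certificate and must be rejected here.
            if (certificate == null)
            {
                Log("rejected: client presented no certificate");
                return false;
            }

            // Client certificates rarely carry a DNS name, so a name mismatch alone is
            // tolerated; every other policy error (chain, not-available) is fatal.
            const SslPolicyErrors tolerated = SslPolicyErrors.RemoteCertificateNameMismatch;
            if ((sslPolicyErrors & ~tolerated) != SslPolicyErrors.None)
            {
                Log("rejected: policy errors " + sslPolicyErrors);
                return false;
            }

            var cert2 = certificate as X509Certificate2 ?? new X509Certificate2(certificate);
            if (!AllowedThumbprints.Contains(cert2.Thumbprint))
            {
                Log("rejected: thumbprint " + cert2.Thumbprint + " is not on the allow list");
                return false;
            }

            Log("accepted: " + cert2.Subject);
            return true;
        }
        catch (Exception ex)
        {
            // Fail closed: a validation error is a rejection, never a silent pass.
            Log("rejected: validation threw " + ex.GetType().Name + ": " + ex.Message);
            return false;
        }
    }

    static void Log(string message) => Console.WriteLine("[client-cert] " + message);
}

// Sits directly after TlsHandler and closes the channel as soon as the handshake fails,
// so a rejected client is disconnected instead of being left attached to a silent pipeline.
public sealed class TlsHandshakeGate : ChannelHandlerAdapter
{
    public override void UserEventTriggered(IChannelHandlerContext context, object evt)
    {
        // Assumed: DotNetty.Handlers.Tls.TlsHandshakeCompletionEvent with IsSuccessful / Exception.
        if (evt is TlsHandshakeCompletionEvent handshake && !handshake.IsSuccessful)
        {
            Console.WriteLine("[tls] handshake failed from " + context.Channel.RemoteAddress
                + ": " + handshake.Exception?.Message);
            context.CloseAsync();
            return;
        }
        context.FireUserEventTriggered(evt);
    }

    public override void ExceptionCaught(IChannelHandlerContext context, Exception exception)
    {
        Console.WriteLine("[tls] channel error from " + context.Channel.RemoteAddress + ": " + exception.Message);
        context.CloseAsync();
    }
}

public static class PipelineSetup
{
    // Same ServerTlsSettings as in the post, with the gate inserted before MyHandler.
    public static void Configure(IChannelPipeline pipeline, X509Certificate2 serverCertificate)
    {
        TlsSettings settings = new ServerTlsSettings(
            certificate: serverCertificate,
            negotiateClientCertificate: true,
            checkCertificateRevocation: false,
            enabledProtocols: SslProtocols.Tls12);
        pipeline.AddLast(new TlsHandler(
            stream => new SslStream(stream, true, ClientCertificatePolicy.ValidateClientCertificate), settings));
        pipeline.AddLast(new TlsHandshakeGate());
        pipeline.AddLast(new MyHandler()); // the reporter's own handler from the post
    }
}
```

Call PipelineSetup.Configure from the ActionChannelInitializer in place of the three AddLast calls shown in the post. With the gate in place, a client whose certificate is rejected is closed at handshake time and the rejection reason appears in the server log; MyHandler only ever sees channels whose client certificate passed the allow list.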

nayato commented 6 years ago

Should be fixed by now