chronoxor / CSharpServer

Ultra fast and low latency asynchronous socket server & client C# library with support TCP, SSL, UDP protocols and 10K connections problem solution
https://chronoxor.github.io/CSharpServer
MIT License

Failing to get the client and server talk to each other #3

Open mwahaj opened 4 years ago

mwahaj commented 4 years ago

Hi,

After running the program for some time I am getting this strange error. I have even tried running the application from the Examples (https://github.com/chronoxor/CSharpServer/releases) and also compiled the SSL Client and SSL Server programs, but both are giving me this error. Interestingly, using the OpenSSL s_client command I can communicate with the SSL Server program. I haven't tweaked my machine. I am using Windows 10. Running the examples on Windows Server 2012 is not showing such errors. Here are the errors:

SSL Server

SSL server port: 2222

Service starting...Done!
Server starting...Done!
Press Enter to stop the server or '!' to restart the server...
Chat SSL session with Id 220fa7cd-1bde-11ea-a1da-54ee753e95fb connected!
Chat SSL session caught an error with code 0 and category 'asio.ssl': tlsv1 alert decrypt error
Chat SSL session with Id 220fa7cd-1bde-11ea-a1da-54ee753e95fb disconnected!
Chat SSL session with Id 294a79a2-1bde-11ea-a1da-54ee753e95fb connected!
Chat SSL session caught an error with code 0 and category 'asio.ssl': tlsv1 alert decrypt error
Chat SSL session with Id 294a79a2-1bde-11ea-a1da-54ee753e95fb disconnected!
Chat SSL session with Id 294a79a3-1bde-11ea-a1da-54ee753e95fb connected!
Chat SSL session caught an error with code 0 and category 'asio.ssl': tlsv1 alert decrypt error
Chat SSL session with Id 294a79a3-1bde-11ea-a1da-54ee753e95fb disconnected!
Chat SSL session with Id 294a79a4-1bde-11ea-a1da-54ee753e95fb connected!
Chat SSL session caught an error with code 0 and category 'asio.ssl': tlsv1 alert decrypt error
Chat SSL session with Id 294a79a4-1bde-11ea-a1da-54ee753e95fb disconnected!
Chat SSL session with Id 294a79a5-1bde-11ea-a1da-54ee753e95fb connected!
Chat SSL session caught an error with code 0 and category 'asio.ssl': tlsv1 alert decrypt error
Chat SSL session with Id 294a79a5-1bde-11ea-a1da-54ee753e95fb disconnected!
Chat SSL session with Id 294a79a6-1bde-11ea-a1da-54ee753e95fb connected!
Chat SSL session caught an error with code 0 and category 'asio.ssl': tlsv1 alert decrypt error

SSL Client

SSL server address: 127.0.0.1
SSL server port: 2222

Service starting...Done!
Client connecting...Done!
Press Enter to stop the client or '!' to reconnect the client...
Chat SSL client connected a new session with Id 29496880-1bde-11ea-a1da-54ee753e95fb
Chat SSL client caught an error with code 0 and category 'asio.ssl': invalid padding
Chat SSL client disconnected a session with Id 29496880-1bde-11ea-a1da-54ee753e95fb
Chat SSL client connected a new session with Id 29496880-1bde-11ea-a1da-54ee753e95fb
Chat SSL client caught an error with code 0 and category 'asio.ssl': invalid padding
Chat SSL client disconnected a session with Id 29496880-1bde-11ea-a1da-54ee753e95fb
Chat SSL client connected a new session with Id 29496880-1bde-11ea-a1da-54ee753e95fb
Chat SSL client caught an error with code 0 and category 'asio.ssl': invalid padding
Chat SSL client disconnected a session with Id 29496880-1bde-11ea-a1da-54ee753e95fb
Chat SSL client connected a new session with Id 29496880-1bde-11ea-a1da-54ee753e95fb
Chat SSL client caught an error with code 0 and category 'asio.ssl': invalid padding
Chat SSL client disconnected a session with Id 29496880-1bde-11ea-a1da-54ee753e95fb

When I run OpenSSL to connect to the server I can connect, so it seems there is some issue with the client then?

OpenSSL> s_client -connect 127.0.0.1:2222
CONNECTED(00000134)
Can't use SSL_get_servername
depth=0 C = BY, ST = Belarus, L = Minsk, O = Example server, OU = Example server unit, CN = server.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = BY, ST = Belarus, L = Minsk, O = Example server, OU = Example server unit, CN = server.example.com
verify error:num=21:unable to verify the first certificate
verify return:1

Certificate chain
 0 s:C = BY, ST = Belarus, L = Minsk, O = Example server, OU = Example server unit, CN = server.example.com
   i:C = BY, ST = Belarus, L = Minsk, O = Example root CA, OU = Example CA unit, CN = example.com

Server certificate
subject=C = BY, ST = Belarus, L = Minsk, O = Example server, OU = Example server unit, CN = server.example.com

issuer=C = BY, ST = Belarus, L = Minsk, O = Example root CA, OU = Example CA unit, CN = example.com


No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits

SSL handshake has read 2278 bytes and written 386 bytes
Verification error: unable to verify the first certificate

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 8D587C1E206658B60AEBE0B1DB2F4477777B83058AB3EF44215F9C2242F4CC5E
Session-ID-ctx:
Master-Key: 0C755B81BC3A1A0621E0AABC35CE87F523077E390FEC2A66DDC7D524BFEAC1D6653B941AB13D8FA71CBFAE8341B3FD13
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)

Start Time: 1576045644
Timeout   : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes

Hello from SSL chat! Please send a message or '!' to disconnect the client!
dfdf dfdf (admin) dfdf

Also, I need to know whether the code supports SSL Client Authentication or only SSL Server Authentication?
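The `verify error:num=20` and `num=21` lines in the s_client output above mean that s_client had no trust anchor for the server certificate's issuer, yet it completed the handshake anyway, so a successful s_client session does not show that a verifying client would accept the chain. The script below is an added example, not part of the original post or of the project: it builds throwaway CAs and a server certificate (all subject names and file names are constructed) and runs `openssl verify` with no CA file, with an unrelated CA, and with the issuing CA.

```shell
#!/bin/sh
# Added example. Every subject name and file name here is constructed.

make_ca() {      # $1 = output prefix, $2 = CN; writes $1.key and $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Constructed test CA/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_leaf() {    # $1 = output prefix, $2 = prefix of the issuing CA
    openssl req -newkey rsa:2048 -nodes \
        -subj "/O=Constructed test server/CN=server.test" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -days 1 \
        -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
        -out "$1.pem" 2>/dev/null
}

verify_leaf() {  # $1 = leaf certificate, $2 = optional trust anchor file
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1
    else
        openssl verify "$1" 2>&1    # system default trust store only
    fi
}

demo() {         # $1 = scratch directory
    make_ca "$1/ca" ca.test && make_ca "$1/other" other.test &&
    make_leaf "$1/server" "$1/ca" || return 1
    echo "--- no CA file (expect error 20):"
    verify_leaf "$1/server.pem" || true
    echo "--- unrelated CA (expect error 20):"
    verify_leaf "$1/server.pem" "$1/other.pem" || true
    echo "--- issuing CA (expect OK):"
    verify_leaf "$1/server.pem" "$1/ca.pem"
}

work=$(mktemp -d) && demo "$work"
rm -rf "$work"
```

The same trust anchor can be handed to s_client with its `-CAfile` option, after which `Verify return code` reports whether the chain actually validates.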

chronoxor commented 4 years ago

Server side SSL code in examples\SslChatServer\Program.cs:

// Create and prepare a new SSL server context             
var context = new SslContext(SslMethod.TLSV12);            
context.SetPassword("qwerty");                             
context.UseCertificateChainFile("server.pem");             
context.UsePrivateKeyFile("server.pem", SslFileFormat.PEM);
context.UseTmpDHFile("dh4096.pem");                        

Client side SSL code in 'examples\SslChatClient\Program.cs':

// Create and prepare a new SSL client context                                         
var context = new SslContext(SslMethod.TLSV12);                                        
context.SetDefaultVerifyPaths();                                                       
context.SetRootCerts();                                                                
context.SetVerifyMode(SslVerifyMode.VerifyPeer | SslVerifyMode.VerifyFailIfNoPeerCert);
context.LoadVerifyFile("ca.pem");

chronoxor commented 4 years ago

You may also look into the new .NET Core implementations of the TCP/SSL servers & clients - https://github.com/chronoxor/NetCoreServer

mwahaj commented 4 years ago

Tried NetCoreServer and I am able to run its examples and also debug its code. Thanks a lot! I believe for client.pfx to work, its issuer must match the same issuer used in the server.pfx, right?