runtime: HttpClient.GetAsync() causes uncatchable CryptographicException on Linux in OpenSslX509ChainProcessor.MapVerifyErrorToChainStatus

System: Ubuntu 16.04 and Ubuntu 16.10

Dotnet release: dotnet-dev-1.0.4

apt list --installed | grep dotnet output:

dotnet-dev-1.0.4/yakkety,now 1.0.4-1 amd64 [installed]
dotnet-host/yakkety,now 2.0.0-preview2-25407-01-1 amd64 [installed,automatic]
dotnet-hostfxr-1.1.0/yakkety,now 1.1.0-1 amd64 [installed,automatic]
dotnet-sharedframework-microsoft.netcore.app-1.1.2/yakkety,now 1.1.2-1 amd64 [installed,automatic]

apt list --installed | grep openssl output:

libgnutls-openssl27/yakkety-updates,yakkety-security,now 3.5.3-5ubuntu1.2 amd64 [installed]
openssl/yakkety-updates,now 1.0.2g-1ubuntu9.3 amd64 [installed]

Repro Code:

using System;
using System.Net.Http;
using System.Threading.Tasks;

namespace Repro
{
    class Program
    {
        static void Main(string[] args)
        {
            Do().GetAwaiter().GetResult();
        }

        static async Task Do()
        {
            var client = new HttpClient();
            try
            {
                var response = await client.GetAsync((new Uri("https://obr03.ru/")));
                Console.WriteLine("Ok");
            }
            catch(Exception ex)
            {
                Console.WriteLine("Catched");
            }
        }
    }
}

Result Windows: Catched

Result Linux:

Unhandled Exception: System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.
   at Internal.Cryptography.Pal.OpenSslX509ChainProcessor.MapVerifyErrorToChainStatus(X509VerifyStatusCode code)
   at Internal.Cryptography.Pal.OpenSslX509ChainProcessor.AddElementStatus(X509VerifyStatusCode errorCode, List`1 elementStatus, List`1 overallStatus)
   at Internal.Cryptography.Pal.OpenSslX509ChainProcessor.AddElementStatus(List`1 errorCodes, List`1 elementStatus, List`1 overallStatus)
   at Internal.Cryptography.Pal.OpenSslX509ChainProcessor.BuildChain(X509Certificate2 leaf, HashSet`1 candidates, HashSet`1 downloaded, HashSet`1 systemTrusted, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan& remainingDownloadTime)
   at Internal.Cryptography.Pal.ChainPal.BuildChain(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout)
   at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate)
   at System.Net.Security.CertificateValidation.BuildChainAndVerifyProperties(X509Chain chain, X509Certificate2 remoteCertificate, Boolean checkCertName, String hostName)
   at System.Net.Http.CurlHandler.SslProvider.VerifyCertChain(IntPtr storeCtxPtr, IntPtr curlPtr)
   at Interop.Http.MultiPerform(SafeCurlMultiHandle multiHandle)
   at System.Net.Http.CurlHandler.MultiAgent.WorkerBodyLoop()
Aborted (core dumped)

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 20 (11 by maintainers)

Most upvoted comments

Yes, I realize this website is malformed, but working on something similar to a crawler, I cannot choose the websites I work with. 😉

However, isn’t the even bigger issue that this terminates the execution of the program (see “Aborted (core dumped)”) despite the try-catch block?
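
The Linux stack trace in the report ends in `CurlHandler.MultiAgent.WorkerBodyLoop` and contains no frame from `Program.Do`, which suggests (an inference from the trace, not something stated in the issue) that the exception was raised on a worker thread, where a `try`/`catch` around the `await` cannot observe it. The simulation below is an added example, not code from the issue or from the .NET runtime; `ValidateChain`, `FetchAsync` and the `unguarded` argument are hypothetical names chosen for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading;
using System.Threading.Tasks;

static class WorkerThreadExceptionDemo
{
    // Hypothetical stand-in for the chain validation step that throws in the trace.
    static void ValidateChain() =>
        throw new CryptographicException("Error occurred during a cryptographic operation.");

    // Runs the work on its own thread, like the worker loop at the bottom of the trace.
    // guarded == false: the exception leaves the thread unhandled, so the runtime
    //   terminates the process; the caller's try/catch never sees it.
    // guarded == true: the worker catches it and forwards it to the awaiting caller.
    static Task<string> FetchAsync(bool guarded)
    {
        var tcs = new TaskCompletionSource<string>();
        var worker = new Thread(() =>
        {
            if (!guarded)
            {
                ValidateChain();              // escapes the thread: process aborts
                tcs.TrySetResult("Ok");
                return;
            }
            try
            {
                ValidateChain();
                tcs.TrySetResult("Ok");
            }
            catch (Exception ex)
            {
                tcs.TrySetException(ex);      // rethrown at the caller's await
            }
        });
        worker.Start();
        return tcs.Task;
    }

    static async Task Main(string[] args)
    {
        bool guarded = args.Length == 0 || args[0] != "unguarded";
        try { Console.WriteLine(await FetchAsync(guarded)); }
        catch (CryptographicException ex) { Console.WriteLine("Caught: " + ex.Message); }
    }
}
```

Run with no arguments, the program prints the caught message; run with `unguarded`, it terminates with an unhandled exception in the same way as the Linux result in the report.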