HttpClient with client certificate fails with OpenSslCryptographicException on Linux

[martin-pes]

I am trying to make calls from ASP.NET Core application to Swish payment platform
simulator Web API. I am using HttpClient to make the calls and I am attaching client certificate which is required by the API.

This is the code I am using (full source code here):

var cert = GetCertificate("Swish_Merchant_TestCertificate_1231181189.p12", "swish");

var handler = new HttpClientHandler();
handler.ClientCertificates.Add(cert);

var client = new HttpClient(handler);

const string paymentPath = "https://mss.cpc.getswish.net/swish-cpcapi/api/v1/paymentrequests/";

var response = await client.PostAsync(paymentPath, PaymentModel.GetSampleContent());

var responseContent = await response.Content.ReadAsStringAsync();

Everything works fine on Windows but as soon as I switch to Docker on Linux I get the following exception during the API call:

An unhandled exception occurred while processing the request.
OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Unknown location

SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
Interop+OpenSsl.DoSslHandshake(SafeSslHandle context, byte[] recvBuf, int recvOffset, int recvCount, out byte[] sendBuf, out int sendCount)

AuthenticationException: Authentication failed, see inner exception.
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)

HttpRequestException: The SSL connection could not be established, see inner exception.
System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)

Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
   --- End of inner exception stack trace ---
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslState.ThrowIfExceptional()
   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__47_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at SwishClient.Controllers.ApiController.Call() in /src/SwishClient/Controllers/ApiController.cs:line 36
   at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResourceFilter()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Additional Context

The required client certificate is signed by intermediate CA. I have tried:

• To install these intermediate CA before running the app - on Windows manually, on Docker during Docker build.
• Installing these certificates programmatically from the app before making first API call

Both methods work fine on Windows, none on Linux.

Complete source code including certificates, Dockerfile and further instruction in Readme in
https://pescn.visualstudio.com/AspNetCoreSwish/_git/AspNetCoreSwish

I can SSH into Linux docker container running my app and successfully connect to Swish API using curl

curl -s -S -i -k --cert ./Certificates/Swish_Merchant_TestCertificate_1231181189.p12:swish --cert-type p12 --cacert ./CA/Swish_TLS_RootCA.pem --tlsv1.1 --header "Content-Type:application/json" https://host.docker.internal:5001/api/test --data '{ "payeePaymentReference" : "0123456789", "callbackUrl" :"https://myfakehost.se/swishcallback.cfm", "payerAlias" : "4671234768","payeeAlias" : "1231181189", "amount" : "100", "currency" : "SEK","message" : "Kingston USB Flash Drive 8 GB" }'

[mikaelnordin]

I have the exact same issue with the same payment provider (Swish). I have done some network captures and the only difference i can see is that on windows the client sends 3 certificates to the server but on linux it sends only 2.

Capture from windows 10:

Transport Layer Security
    TLSv1.1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.1 (0x0302)
        Length: 5112
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 4328
            Certificates Length: 4325
            Certificates (4325 bytes)
                Certificate Length: 1392
                Certificate: 3082056c30820354a003020102021018b4eef1d851c179f4… (id-at-commonName=1234679304,id-at-organizationName=5560997982,id-at-countryName=SE)
                Certificate Length: 1475
                Certificate: 308205bf308203a7a00302010202106cf526b1a267b4e2ec… (id-at-countryName=SE,id-at-organizationName=Swedbank AB (publ),id-at-serialNumber=SWEDSESS,id-at-commonName=Swedbank Customer CA1 v1 for Swish)
                Certificate Length: 1449
                Certificate: 308205a53082038da00302010202105be110694fa001e5d3… (id-at-countryName=SE,id-at-organizationName=Swedbank AB (publ),id-at-serialNumber=SWEDSESS,id-at-commonName=Swedbank Root CA v2 for Swish Test)
        Handshake Protocol: Client Key Exchange
        Handshake Protocol: Certificate Verify
Transport Layer Security

Capture from linux:

Frame 25: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)
Ethernet II, Src: Microsof_00:02:08 (00:15:5d:00:02:08), Dst: Microsof_00:02:02 (00:15:5d:00:02:02)
Internet Protocol Version 4, Src: 192.168.0.20, Dst: 213.132.115.90
Transmission Control Protocol, Src Port: 33851, Dst Port: 443, Seq: 1659, Ack: 3500, Len: 1448
[2 Reassembled TCP Segments (2885 bytes): dotnet/corefx#24(1448), dotnet/corefx#25(1437)]
Transport Layer Security
    TLSv1.1 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.1 (0x0302)
        Length: 2880
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 2876
            Certificates Length: 2873
            Certificates (2873 bytes)
                Certificate Length: 1392
                Certificate: 3082056c30820354a003020102021018b4eef1d851c179f4… (id-at-commonName=1234679304,id-at-organizationName=5560997982,id-at-countryName=SE)
                Certificate Length: 1475
                Certificate: 308205bf308203a7a00302010202106cf526b1a267b4e2ec… (id-at-countryName=SE,id-at-organizationName=Swedbank AB (publ),id-at-serialNumber=SWEDSESS,id-at-commonName=Swedbank Customer CA1 v1 for Swish)

The .p12 file contains these certificats:

================ Certificate 0 ================
Serial Number: 5be110694fa001e5d3cb59ef8bac8ace
Issuer: O=Getswish AB, OU=Swish Member CA, CN=Swish Root CA v2 Test
 NotBefore: 2018-03-20 14:42
 NotAfter: 2038-03-20 14:22
Subject: C=SE, O=Swedbank AB (publ), SERIALNUMBER=SWEDSESS, CN=Swedbank Root CA v2 for Swish Test
Non-root Certificate
Cert Hash(sha1): 88884499bffef7fa80ab2ce2336568ae49c6d313

================ Certificate 1 ================
Serial Number: 6cf526b1a267b4e2ecf4bda3819c6543
Issuer: C=SE, O=Swedbank AB (publ), SERIALNUMBER=SWEDSESS, CN=Swedbank Root CA v2 for Swish Test
 NotBefore: 2018-03-20 14:54
 NotAfter: 2038-03-20 14:22
Subject: C=SE, O=Swedbank AB (publ), SERIALNUMBER=SWEDSESS, CN=Swedbank Customer CA1 v1 for Swish
Non-root Certificate
Cert Hash(sha1): b71a8c2a7e0535ab50e4d9c715219deeeb066fa4

================ Certificate 2 ================
Serial Number: 18b4eef1d851c179f40c53461b5449e7
Issuer: C=SE, O=Swedbank AB (publ), SERIALNUMBER=SWEDSESS, CN=Swedbank Customer CA1 v1 for Swish
 NotBefore: 2018-05-14 10:35
 NotAfter: 2020-05-14 10:35
Subject: CN=1234679304, O=5560997982, C=SE
Non-root Certificate
Cert Hash(sha1): 1ae44567d24b2122661c5337815c7c38949d6ff3

As you can see there is no root-certificate and i think the problem might have to do with this. Could there be a difference in what additional certificates is sent on linux and windows. I'm not very familiar with how SSL works so I'm just guessing here. But could the problem be that .net does not add the top certificate even if its not a root-cert? It almost looks like it here: https://github.com/dotnet/corefx/blob/c6d9138def9be7c92f33a2f44897841142058a96/src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.Ssl.cs#L158

[mikaelnordin]

I just got a hold of the root certificate (O=Getswish AB, OU=Swish Member CA, CN=Swish Root CA v2 Test). When i add this to the X509Store(StoreName.CertificateAuthority, StoreLocation.CurrentUser) store the handshake works in linux too. Here are network catpures of the certificate exchange in the SSL handshake on windows 10 and linux with the new root cert installed in the store.

Windows 10:

Transport Layer Security
    TLSv1.1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.1 (0x0302)
        Length: 5112
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 4328
            Certificates Length: 4325
            Certificates (4325 bytes)
                Certificate Length: 1392
                Certificate: 3082056c30820354a003020102021018b4eef1d851c179f4… (id-at-commonName=1234679304,id-at-organizationName=5560997982,id-at-countryName=SE)
                Certificate Length: 1475
                Certificate: 308205bf308203a7a00302010202106cf526b1a267b4e2ec… (id-at-countryName=SE,id-at-organizationName=Swedbank AB (publ),id-at-serialNumber=SWEDSESS,id-at-commonName=Swedbank Customer CA1 v1 for Swish)
                Certificate Length: 1449
                Certificate: 308205a53082038da00302010202105be110694fa001e5d3… (id-at-countryName=SE,id-at-organizationName=Swedbank AB (publ),id-at-serialNumber=SWEDSESS,id-at-commonName=Swedbank Root CA v2 for Swish Test)
        Handshake Protocol: Client Key Exchange
        Handshake Protocol: Certificate Verify

Linux:

Transport Layer Security
    TLSv1.1 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.1 (0x0302)
        Length: 4332
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 4328
            Certificates Length: 4325
            Certificates (4325 bytes)
                Certificate Length: 1392
                Certificate: 3082056c30820354a003020102021018b4eef1d851c179f4… (id-at-commonName=1234679304,id-at-organizationName=5560997982,id-at-countryName=SE)
                Certificate Length: 1475
                Certificate: 308205bf308203a7a00302010202106cf526b1a267b4e2ec… (id-at-countryName=SE,id-at-organizationName=Swedbank AB (publ),id-at-serialNumber=SWEDSESS,id-at-commonName=Swedbank Customer CA1 v1 for Swish)
                Certificate Length: 1449
                Certificate: 308205a53082038da00302010202105be110694fa001e5d3… (id-at-countryName=SE,id-at-organizationName=Swedbank AB (publ),id-at-serialNumber=SWEDSESS,id-at-commonName=Swedbank Root CA v2 for Swish Test)

Windows 10 still sends the same 3 certificates. On linux the missing cert has been added.
To me it seems that there is something wrong in the selections of which intermediate certs to send on Linux. Does it always assume that the last cert in the chain is a root cert that should not be sent?

@martin-pes To work around this just email tekniksupport@getswish.se and ask for the GetSwishRootCAv2Test cert and then add it to the store.

[martin-pes]

I have followed advice of @mikaelnordin (many thanks for that) and workaround worked for me. My immediate problem is solved then.

However it does not seem right to me that Windows and Linux implementations behave differently - unless I am doing something wrong with the certificate installation - so I hope leaving the issue open for now can be useful.

[davidsh]

What version of .NET Core are you using for this app? Please show the output of "dotnet --info".

[davidsh]

I just got a hold of the root certificate (O=Getswish AB, OU=Swish Member CA, CN=Swish Root CA v2 Test). When i add this to the X509Store(StoreName.CertificateAuthority, StoreLocation.CurrentUser) store the handshake works in linux too. Here are network catpures of the certificate exchange in the SSL handshake on windows 10 and linux with the new root cert installed in the store.

Windows 10 still sends the same 3 certificates. On linux the missing cert has been added.
To me it seems that there is something wrong in the selections of which intermediate certs to send on Linux. Does it always assume that the last cert in the chain is a root cert that should not be sent?

However it does not seem right to me that Windows and Linux implementations behave differently - unless I am doing something wrong with the certificate installation - so I hope leaving the issue open for now can be useful.

@bartonjs Can you comment on this? Is this just "expected" behavior difference with Linux vs. Windows?

[mikaelnordin]

I'm running 2.1

Windows:

dotnet --info
.NET Core SDK (reflecting any global.json):
 Version:   2.2.104
 Commit:    73f036d4ac

Runtime Environment:
 OS Name:     Windows
 OS Version:  10.0.17763
 OS Platform: Windows
 RID:         win10-x64
 Base Path:   C:\Program Files\dotnet\sdk\2.2.104\

Host (useful for support):
  Version: 2.2.2
  Commit:  a4fd7b2c84

.NET Core SDKs installed:
  2.1.502 [C:\Program Files\dotnet\sdk]
  2.1.504 [C:\Program Files\dotnet\sdk]
  2.1.505 [C:\Program Files\dotnet\sdk]
  2.2.104 [C:\Program Files\dotnet\sdk]

.NET Core runtimes installed:
  Microsoft.AspNetCore.All 2.1.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.All 2.1.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.All 2.1.9 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.All 2.2.2 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.App 2.1.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 2.1.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 2.1.9 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 2.2.2 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 2.1.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 2.1.8 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 2.1.9 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 2.2.2 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:
  https://aka.ms/dotnet-download

Linux:

dotnet --info
.NET Core SDK (reflecting any global.json):
 Version:   2.1.700
 Commit:    c2ef055a0f

Runtime Environment:
 OS Name:     ubuntu
 OS Version:  18.04
 OS Platform: Linux
 RID:         ubuntu.18.04-x64
 Base Path:   /usr/share/dotnet/sdk/2.1.700/

Host (useful for support):
  Version: 2.1.11
  Commit:  d6a5616240

.NET Core SDKs installed:
  2.1.700 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:
  Microsoft.AspNetCore.All 2.1.11 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.App 2.1.11 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 2.1.11 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:
  https://aka.ms/dotnet-download

[martin-pes]

Regarding version:

For Linux I build on Docker, I am using standard ASP.NET Core Docker images
mcr.microsoft.com/dotnet/core/aspnet:2.2-stretch-slim - for base
mcr.microsoft.com/dotnet/core/sdk:2.2-stretch - for build

For Windows

.NET Core SDK (reflecting any global.json):
 Version:   2.2.300
 Commit:    73efd5bd87

Runtime Environment:
 OS Name:     Windows
 OS Version:  10.0.17763
 OS Platform: Windows
 RID:         win10-x64
 Base Path:   C:\Program Files\dotnet\sdk\2.2.300\

Host (useful for support):
  Version: 2.2.5
  Commit:  0a3c9209c0

.NET Core SDKs installed:
  2.1.602 [C:\Program Files\dotnet\sdk]
  2.1.604 [C:\Program Files\dotnet\sdk]
  2.1.700 [C:\Program Files\dotnet\sdk]
  2.2.202 [C:\Program Files\dotnet\sdk]
  2.2.204 [C:\Program Files\dotnet\sdk]
  2.2.300 [C:\Program Files\dotnet\sdk]

.NET Core runtimes installed:
  Microsoft.AspNetCore.All 2.1.9 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.All 2.1.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.All 2.2.3 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.All 2.2.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.App 2.1.9 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 2.1.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 2.2.3 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 2.2.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 2.1.9 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 2.1.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 2.2.3 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 2.2.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]

[bartonjs]

Is this just "expected" behavior difference with Linux vs. Windows?

No.

My understanding was we didn't send any intermediates if chain.Build returned false. And if it returned true we knew that the last one was a root. If we're sending intermediates always, then the loop needs to be updated to not skip the last one if the chain has the status code PartialChain in it.

[davidsh]

@bartonjs

My understanding was we didn't send any intermediates if chain.Build returned false.

Who is "we" in this context? The bug seems like a client-side bug. So, the client isn't sending any intermediates to anyone. It would be a server that would presumably send some chain of server-side certs to the client.

If we're sending intermediates always, then the loop needs to be updated to not skip the last one if the chain has the status code PartialChain in it.

Which "loop" are you referring to? Is this for a server-side or client-side operation?

[bartonjs]

Who is "we" in this context?

SslStream, in either server mode or mutual auth client mode.

Which "loop" are you referring to

https://github.com/dotnet/corefx/blob/c6d9138def9be7c92f33a2f44897841142058a96/src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.Ssl.cs#L152-L175

If chain.ChainStatus.Any(s => s.Flags == X509ChainStatusFlags.PartialChain) then stop should be elements.Count, not elements.Count - 1.

[davidsh]

@martin-pes
I've been looking into this issue. I was able to build the Dockerfile and see the error you're getting.

But I don't understand why I'm getting an error. The Dockerfile contains instructions to install all 3 certificates in the trust chain above the client certificate. And that includes the root "Swish_TLS_RootCA.crt".

COPY SwishClient/CA/CustomerCA.crt /usr/local/share/ca-certificates/CustomerCA.crt
COPY SwishClient/CA/RootCA.crt /usr/local/share/ca-certificates/RootCA.crt
COPY SwishClient/CA/Swish_TLS_RootCA.crt /usr/local/share/ca-certificates/Swish_TLS_RootCA.crt
RUN update-ca-certificates

So, why is this repro still showing an error since you did install the root (as the workaround for the .NET Core bug)?

Although, it is interesting that running your /api/cert endpoint, I only see 2 certificates returned:

{"versionString":"Unix 4.9.125.0",
 "machineCertificates":[
  "C=SE, O=Swedbank AB (publ), SERIALNUMBER=SWEDSESS, CN=Swedbank Customer CA1 v1 for Swish",
  "C=SE, O=Swedbank AB (publ), SERIALNUMBER=SWEDSESS, CN=Swedbank Root CA v2 for Swish Test"],
 "userCertificates":[],"version":3}
 

[mikaelnordin]

Looking at the repo that @martin-pes linked in the inital post i can see that it has not been updated to use the root-cert for the workaround.
The cert "Swish_TLS_RootCA.crt" is actually not the root thats missing from the "Swish_Merchant_TestCertificate_1231181189.p12" certificate chain.

This is the root that needs to be installed to get it to work:
GetSwishRootCAv2Test.zip

[davidsh]

Thanks for clarifying that. Looking at the 3 certificates in the CA directory, I see that none of them contain the required top root "CN=Swish Root CA v2 Test" needed by the client certificate.

CustomerCA.crt:
        Subject: CN = Swedbank Customer CA1 v1 for Swish, serialNumber = SWEDSESS, O = Swedbank AB (publ), C = SE
        Issuer: CN = Swedbank Root CA v2 for Swish Test, serialNumber = SWEDSESS, O = Swedbank AB (publ), C = SE

RootCA.crt:
        Subject: CN = Swedbank Root CA v2 for Swish Test, serialNumber = SWEDSESS, O = Swedbank AB (publ), C = SE
        Issuer: CN = Swish Root CA v2 Test, OU = Swish Member CA, O = Getswish AB

Swish_TLS_RootCA.crt:
        Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
        Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA

When I examine the client certificate itself, I see 3 certificates in the chain and the bottom one (Cert 1) has a private key.

$ openssl pkcs12 -info -in Swish_Merchant_TestCertificate_1231181189.p12

Cert 1:
subject=/C=SE/O=5560997982/CN=1234679304
issuer=/CN=Swedbank Customer CA1 v1 for Swish/serialNumber=SWEDSESS/O=Swedbank AB (publ)/C=SE

Cert 2:
subject=/CN=Swedbank Customer CA1 v1 for Swish/serialNumber=SWEDSESS/O=Swedbank AB (publ)/C=SE
issuer=/CN=Swedbank Root CA v2 for Swish Test/serialNumber=SWEDSESS/O=Swedbank AB (publ)/C=SE

Cert 3:
subject=/CN=Swedbank Root CA v2 for Swish Test/serialNumber=SWEDSESS/O=Swedbank AB (publ)/C=SE
issuer=/CN=Swish Root CA v2 Test/OU=Swish Member CA/O=Getswish AB

The missing root "CN=Swish Root CA v2 Test" is indeed in the GetSwishRootCAv2Test.pem file you referenced. It seems like the "Swish_TLS_RootCA.crt" file probably isn't needed at all.

$ openssl x509 -in GetSwishRootCAv2Test.pem -inform der -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:62:d4:5c:0d:91:b6:f9:ad:18:f0:df:8f:e7:8e:c6
    Signature Algorithm: sha512WithRSAEncryption
        Issuer: CN = Swish Root CA v2 Test, OU = Swish Member CA, O = Getswish AB
        Validity
            Not Before: Mar 20 12:22:12 2018 GMT
            Not After : Mar 20 12:22:12 2038 GMT
        Subject: CN = Swish Root CA v2 Test, OU = Swish Member CA, O = Getswish AB
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE