[Tooling] dotnet dev-certs issues on Mac when old certificate version is present #15118
I managed to get a clean repro for this issue.

This also includes the log from kestrel:
dotnet ./bin/Debug/netcoreapp3.1/webappclean31.dll
dbug: Microsoft.Extensions.Hosting.Internal.Host[1]
Hosting starting
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
User profile is available. Using '/Users/jacalvar/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
dbug: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[37]
Reading data from file '/Users/jacalvar/.aspnet/DataProtection-Keys/key-2ba1a4f9-1a74-42f1-9dfc-66d1c8f6477f.xml'.
dbug: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[37]
Reading data from file '/Users/jacalvar/.aspnet/DataProtection-Keys/key-90369a32-cc7f-4640-a05c-a0ddd5d8ad51.xml'.
dbug: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[37]
Reading data from file '/Users/jacalvar/.aspnet/DataProtection-Keys/key-8be36a50-36bd-4df5-a019-a07e0660e256.xml'.
dbug: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[37]
Reading data from file '/Users/jacalvar/.aspnet/DataProtection-Keys/key-1f4045ee-9ee7-4cd4-ac0d-3a87e9e15d0e.xml'.
dbug: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[37]
Reading data from file '/Users/jacalvar/.aspnet/DataProtection-Keys/key-d8d2bb5d-96cd-4d03-94a4-530255a7633b.xml'.
dbug: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[37]
Reading data from file '/Users/jacalvar/.aspnet/DataProtection-Keys/key-784f15d0-86f5-4b69-8385-56831915d539.xml'.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[18]
Found key {2ba1a4f9-1a74-42f1-9dfc-66d1c8f6477f}.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[18]
Found key {90369a32-cc7f-4640-a05c-a0ddd5d8ad51}.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[18]
Found key {8be36a50-36bd-4df5-a019-a07e0660e256}.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[18]
Found key {1f4045ee-9ee7-4cd4-ac0d-3a87e9e15d0e}.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[18]
Found key {d8d2bb5d-96cd-4d03-94a4-530255a7633b}.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[18]
Found key {784f15d0-86f5-4b69-8385-56831915d539}.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver[13]
Considering key {784f15d0-86f5-4b69-8385-56831915d539} with expiration date 2019-11-15 14:03:22Z as default key.
dbug: Microsoft.AspNetCore.DataProtection.TypeForwardingActivator[0]
Forwarded activator type request from Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=42.42.42.42, Culture=neutral, PublicKeyToken=adb9793829ddae60 to Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Culture=neutral, PublicKeyToken=adb9793829ddae60
dbug: Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ManagedAuthenticatedEncryptorFactory[11]
Using managed symmetric algorithm 'System.Security.Cryptography.Aes'.
dbug: Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ManagedAuthenticatedEncryptorFactory[10]
Using managed keyed hash algorithm 'System.Security.Cryptography.HMACSHA256'.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider[2]
Using key {784f15d0-86f5-4b69-8385-56831915d539} as the default key.
dbug: Microsoft.AspNetCore.DataProtection.Internal.DataProtectionHostedService[0]
Key ring with default key {784f15d0-86f5-4b69-8385-56831915d539} was loaded during application startup.
dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[2]
Failed to locate the development https certificate at '(null)'.
dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[0]
Using development certificate: CN=localhost (Thumbprint: 163AB9BC6FB63A5504E690BC3603E0931557FCD8)
dbug: Microsoft.AspNetCore.Server.Kestrel[0]
No listening endpoints were configured. Binding to http://localhost:5000 and https://localhost:5001 by default.
info: Microsoft.Hosting.Lifetime[0]
Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
Now listening on: https://localhost:5001
dbug: Microsoft.AspNetCore.Hosting.Diagnostics[0]
Loaded hosting startup assembly webappclean31
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Production
info: Microsoft.Hosting.Lifetime[0]
Content root path: /Users/jacalvar/work/validation/webappclean31
dbug: Microsoft.Extensions.Hosting.Internal.Host[2]
Hosting started
dbug: Microsoft.AspNetCore.Server.Kestrel[39]
Connection id "0HLQJPMSPDN1D" accepted.
dbug: Microsoft.AspNetCore.Server.Kestrel[1]
Connection id "0HLQJPMSPDN1D" started.
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET http://localhost:5000/
dbug: Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware[0]
Wildcard detected, all requests with hosts will be allowed.
trce: Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware[2]
All hosts are allowed.
dbug: Microsoft.AspNetCore.HttpsPolicy.HstsMiddleware[1]
The request is insecure. Skipping HSTS header.
dbug: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[5]
Https port '5001' discovered from server endpoints.
dbug: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[1]
Redirecting to 'https://localhost:5001/'.
dbug: Microsoft.AspNetCore.Server.Kestrel[9]
Connection id "0HLQJPMSPDN1D" completed keep alive response.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 13.8035ms 307
dbug: Microsoft.AspNetCore.Server.Kestrel[39]
Connection id "0HLQJPMSPDN1E" accepted.
dbug: Microsoft.AspNetCore.Server.Kestrel[1]
Connection id "0HLQJPMSPDN1E" started.
dbug: Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> Interop+AppleCrypto+SslException: Internal error
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
at System.Net.Security.SslStream.BeginAuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__69_0(SslServerAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
at System.Net.Security.SslStream.AuthenticateAsServerAsync(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.InnerOnConnectionAsync(ConnectionContext context)
dbug: Microsoft.AspNetCore.Server.Kestrel[2]
Connection id "0HLQJPMSPDN1E" stopped.
dbug: Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets[7]
Connection id "0HLQJPMSPDN1E" sending FIN because: "The Socket transport's send loop completed gracefully."

dotnet run
dev-certs export exception

Repro steps on macOS 10.14.6:
This machine is not a clean machine. It has had other .NET Core SDKs installed.
Debugging this in VS Mac:
Errors after:
VS Mac is trying to connect to the localhost port here:
This issue seems unrelated and likely based on some state on the machine. I haven't experienced it. I think the repro can be simplified.
I have a hunch that the two exceptions happen for the same reason (both cases fail when they try to access the key material), so using this simplified repro might be an easier way to investigate.

I could not reproduce it on either 10.14 or 10.15.
I think there is something about how we install or consume dotnet, or it is related to some system configuration or state. The system I'm using has the default configuration. I installed 10.14.6 and then upgraded to 10.15. I don't know if it matters whether you use the installer or just the binaries. The symptoms @mrward is reporting look like some corrupted install.

@wfurt Thanks for looking into this. I haven't changed anything on the Mac configuration I'm using. Is there anything I can run on my machine that would give you more details?

I ran
I've checked for updates and the OS says it's up to date.

There are a few things you can try to get some more info.
(you can skip PID but that may be noisy. Check if you see anything interesting there. run before trying export. Disable temporarily extended security (needs to be done from recovery mode)

Clearing milestone for re-triage

@javiercn is this still a concern?

When an old version of the certificate is present on Mac, the tool runs into some issues:
- dotnet dev-certs https --check returns 0.
- dotnet dev-certs https -ep path -p password fails.

Cleaning the cert and creating a new one fixes the issue.

For whomever is fixing this:
dotnet dev-certs HTTPS --clean
as that will remove the cert and prevent the issue from reproing.
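
A probe for the state described in this issue, where `--check` succeeds but the export fails. This is an added example, not code from the issue or from the dotnet tooling; the function names `dev_cert_state` and `dev_cert_report` are hypothetical.

```shell
#!/bin/sh
# Added example: classify the dev-certificate state using the two commands
# named in the issue. Function names are hypothetical.

# Prints one of: ok | stale | missing
dev_cert_state() {
    # --check exits 0 when the tool believes a valid dev certificate exists.
    if ! dotnet dev-certs https --check >/dev/null 2>&1; then
        echo missing
        return 0
    fi
    # Export into a private temp directory so the PFX (which holds the
    # private key) is never left in a shared location.
    tmpdir=$(mktemp -d) || return 2
    chmod 700 "$tmpdir"
    pfx="$tmpdir/probe.pfx"
    pw="probe-$$"   # throwaway password; the file is deleted below
    if dotnet dev-certs https -ep "$pfx" -p "$pw" >/dev/null 2>&1 \
        && [ -s "$pfx" ]; then
        state=ok
    else
        # The mismatch reported in the issue: --check passed, export failed.
        state=stale
    fi
    rm -rf "$tmpdir"
    echo "$state"
}

# Prints a one-line verdict; returns non-zero only for the stale state.
dev_cert_report() {
    case "$(dev_cert_state)" in
        ok)      echo "dev certificate is present and exportable" ;;
        missing) echo "no valid dev certificate; create one: dotnet dev-certs https" ;;
        stale)   echo "--check passed but export failed; run: dotnet dev-certs https --clean, then dotnet dev-certs https"
                 return 1 ;;
        *)       echo "probe could not run"; return 2 ;;
    esac
}

# Run the probe only when invoked as: sh probe.sh --run
if [ "${1:-}" = "--run" ]; then
    dev_cert_report
fi
```

Anyone still trying to reproduce the bug should not act on the stale verdict, since the issue notes that cleaning removes the certificate and with it the repro.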