-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mkbundle --list-targets on windows fails with System.Net.WebException CERTIFICATE_VERIFY_FAILED #17201
Comments
In reference to https://github.com/mono/mono/blob/master/mcs/tools/mkbundle/mkbundle.cs the param
Unfortunately it throws another error independent: Stacktrace
Same behavior on Mono x86 as well as on Mono x64. The secure connection site information of https://download.mono-project.com/runtimes/raw/ shows that the certificate is issued by Microsoft IT TLS CA 2 and issued to *.vo.msecnd.net The certificate of https://mono-project.com is issued by Let's encrypt Authority X3 and issued to www.mono-project.com. In mkbundle.cs the source contains
but also
Afaik |
/cc @baulig |
On the Windows setup
Another finding is that I had to start
There is a batch script
To check which certificates are in which stores, type Findings:
|
The long-standing issue is we have no mechanism to import a default state for the Mono trust store on Windows (i.e. Mono doesn't use the Windows trust store, doesn't bundle a trust store, and doesn't sync from the Windows trust store to its own format either). As a workaround, if you have a PEM bundle handy, e.g. from a Cygwin install, you can import it ( |
@directhex I am a beginner in Mono and non-English. Some of the Mkbundle instructions learned are applicable as well on Linux as on Windows, some not (yet?). But mostly it seems to be a learn&study project, and it evolves. The implicit expectation of some sort of trust store sync has been first. OpenSSL is on Windows as well as on Linux. I didn't figure out where to fix the Mkbundle prerequisites. There are no visualized if-this-then-that software development workflow docs. |
Here's the script creating a VM from the Azure W2k19 template: https://github.com/dcasota/azure-scripts/blob/master/W2K19-Install.ps1. Here's the script installing Mono on W2K19 https://github.com/dcasota/azure-scripts/blob/master/MonoOnW2K19-install.ps1 @directhex According to #17417 Mono works on Windows (W2K19). Thank you for sharing! |
Unfortunately I am not skilled enough to drill down to the root cause and to get a solution bakened, but in my issue the use of mkbundle on W2k19 has become obsolet. |
I was getting the same problem on my Windows 10 machine. Tried to install certificates to no avail. I eventually went around it by explicitly specifying the download URL to not use SSL as per below: mkbundle --target-server http://download.mono-project.com/runtimes/raw/ --list-targets |
I've filed a bug for this. #17903 |
Steps to Reproduce
msiexec /i mono-6.4.0.198-x64-0.msi INSTALLFOLDER="c:\mono" /qb
mkbundle --list-targets
Current Behavior
mkbundle --list-targets
throws an unhandled exception.Expected Behavior
list targets
On which platforms did you notice this
[ ] macOS
[ ] Linux
[x] Windows
Version Used:
Microsoft Windows [Version 10.0.17763.557]
Mono JIT compiler version 6.4.0 (Visual Studio built mono)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
TLS: __thread
SIGSEGV: normal
Notification: Thread + polling
Architecture: amd64
Disabled: none
Misc: softdebug
Interpreter: yes
LLVM: supported, not enabled.
Suspend: preemptive
GC: sgen (concurrent by default)
Stacktrace
The docs https://www.mono-project.com/archived/usingtrustedrootsrespectfully/ or https://www.mono-project.com/docs/tools+libraries/tools/mkbundle/ unfortunately do not provide a reference for prerequisites mkbundle on windows.
The text was updated successfully, but these errors were encountered: