Mono.Security is outdated #264

Closed
hultqvist opened this Issue Jun 29, 2014 · 7 comments

Projects

None yet

3 participants

@hultqvist

The embedded Mono.Security.dll is of an older version with bugs fixed in later versions.
For example "Unsupported hash algorithm" https://bugzilla.xamarin.com/show_bug.cgi?id=20167

Preferably the system version would be used.

@franciscojunior
Member

Thank you for the heads up, @hultqvist !

We have an issue open to talk about dropping the dependency on Mono.Security here: #127 .

We are considering using ms.net SSLStream. In fact, we already have the code which supports SSLStream and a flag to change using Mono.Security or SSLStream. Would you mind giving us some feedback about your Mono.Security usage with Npgsql?

Thanks in advance.

@franciscojunior franciscojunior added bug research feature and removed bug labels Jul 1, 2014
@franciscojunior franciscojunior added this to the 2.2 milestone Jul 1, 2014
@hultqvist

Well basically I removed the reference to the embedded Mono.Security and replaced it with a reference to Mono.Security as provided by the OS. Since then it has worked fine.
I've not done any changes in the onfiguration of PostgreSQL relating to communication, and I'm connecting to localhost if that changes anything.

Though this was done on Ubuntu 14.04 with additional updates of the mono runtime, but I guess the one provided with 14.04 is still newer.

The problem before that was not with PostgreSQL but rather other parts of my code that communicated with outside web servers. Since the embedded older version got used there too they suddenly couldn't work with SSL as used by wordpress.com.

@franciscojunior
Member

Thanks for your feedback, @hultqvist ! It will guide us to make the change as smooth as possible.

I'd like to ask you a few more questions:

Are you using any of the Mono security callbacks inside Npgsql?

If you change your code to use SSLStream by using the line:

connection.UseSslStream(true);

does your program work ok?

Thanks in advance.

@hultqvist

It works when using

connection.UseSslStream = true;

Though I've found previously that when using SslStream it will into Mono.Security when run on a Linux platform.
I believe the questions should be if it works on Windows. There I can't help.

@franciscojunior
Member

It works when using

Great!

connection.UseSslStream = true;
Though I've found previously that when using SslStream it will into Mono.Security when run on a Linux platform.

I think so as Mono.Security must be the assembly which holds the SSlStream type.

By using SSLStream, Npgsql wouldn't depend directly on Mono.Security assembly and the type of problem you are having now (outdated Mono.Security assembly) would be nonexistent.

I believe the questions should be if it works on Windows. There I can't help.

I think it would work ok as Microsoft implements the SSLStream.

Thank you very much for your feedback, @hultqvist ! You helped a lot!

@franciscojunior franciscojunior added a commit to franciscojunior/Npgsql that referenced this issue Jul 11, 2014
@franciscojunior franciscojunior Update Mono.Security.dll assembly to Mono version 3.4.0
Fix #264
dad52aa
@roji
Member
roji commented Jul 27, 2014

@franciscojunior, did we end up committing the new version of Mono.Security? If not, I think we probably want to do it for the 2.2 release?

@franciscojunior
Member

Em 27/07/2014 09:35, "Shay Rojansky" notifications@github.com escreveu:

@franciscojunior, did we end up committing the new version of Mono.Security? If not, I think we probably want to do it for the 2.2 release?

I didn't commit it! Thanks for the heads up!


Reply to this email directly or view it on GitHub.

@franciscojunior franciscojunior added a commit that referenced this issue Jul 30, 2014
@franciscojunior franciscojunior Update Mono.Security.dll assembly to Mono version 3.4.0
Fix #264

(cherry picked from commit dad52aa)

(PR #273)
982f13f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment