Bug #61010 Certificate is not signed Error with Ssl Mode=Required or Ssl Mode=Preferred
Submitted: 29 Apr 2011 18:36
Modified: 3 Jul 2011 14:19
Reporter: peter sohn
Status: No Feedback
Category: Connector / NET
Severity: S2 (Serious)
Version: 6.3.6
OS: Windows
Assigned to: Assigned Account
CPU Architecture: Any
Tags: ServerCertificateValidationCallback, Ssl Mode=Required, SSPI error

[29 Apr 2011 18:36] peter sohn
Description:
The System.Net.ServicePointManager.ServerCertificateValidationCallback function ServerCheckValidation returns false if you select Ssl Mode=Required or Ssl Mode=Preferred. You get an SSPI error with an internal message:

Die Zertifikatskette wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt

"Certificate is not signed by a trusted certificate authority"

If handshake fails, this is an illogical behaviour.

System.Security.Authentication.AuthenticationException wurde nicht behandelt.
  Message=Fehler bei SSPI-Aufruf, siehe interne Ausnahme.
  Source=System
  StackTrace:
       bei System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
       bei System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       bei System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       bei System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
       bei MySql.Data.MySqlClient.NativeDriver.StartSSL()
       bei MySql.Data.MySqlClient.NativeDriver.Open()
       bei MySql.Data.MySqlClient.Driver.Open()
       bei MySql.Data.MySqlClient.Driver.Create(MySqlConnectionStringBuilder settings)
       bei MySql.Data.MySqlClient.MySqlPool.GetPooledConnection()
       bei MySql.Data.MySqlClient.MySqlPool.TryToGetDriver()
       bei MySql.Data.MySqlClient.MySqlPool.GetConnection()
       bei MySql.Data.MySqlClient.MySqlConnection.Open()
       bei System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
       bei System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior)
       bei System.Data.Common.DbDataAdapter.Fill(DataTable dataTable)
       bei VdLA_Fachgruppen.VdLA_DataSetTableAdapters.FachgruppenTableAdapter.Fill(FachgruppenDataTable dataTable) in C:\Dokumente und Einstellungen\Sohntest\Eigene Dateien\Visual Studio 2010\Projects\VdLA-Fachgruppen\VdLA-Fachgruppen\VdLA_DataSet.Designer.vb:Zeile 1533.
       bei VdLA_Fachgruppen.Form1.Form1_Load(Object sender, EventArgs e) in C:\Dokumente und Einstellungen\Sohntest\Eigene Dateien\Visual Studio 2010\Projects\VdLA-Fachgruppen\VdLA-Fachgruppen\Form1.vb:Zeile 61.
       bei System.EventHandler.Invoke(Object sender, EventArgs e)
       bei System.Windows.Forms.Form.OnLoad(EventArgs e)
       bei System.Windows.Forms.Form.OnCreateControl()
       bei System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
       bei System.Windows.Forms.Control.CreateControl()
       bei System.Windows.Forms.Control.WmShowWindow(Message& m)
       bei System.Windows.Forms.Control.WndProc(Message& m)
       bei System.Windows.Forms.ScrollableControl.WndProc(Message& m)
       bei System.Windows.Forms.Form.WmShowWindow(Message& m)
       bei System.Windows.Forms.Form.WndProc(Message& m)
       bei System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       bei System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       bei System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
       bei System.Windows.Forms.SafeNativeMethods.ShowWindow(HandleRef hWnd, Int32 nCmdShow)
       bei System.Windows.Forms.Control.SetVisibleCore(Boolean value)
       bei System.Windows.Forms.Form.SetVisibleCore(Boolean value)
       bei System.Windows.Forms.Control.set_Visible(Boolean value)
       bei System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
       bei System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
       bei System.Windows.Forms.Application.Run(ApplicationContext context)
       bei Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnRun()
       bei Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
       bei Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(String[] commandLine)
       bei VdLA_Fachgruppen.My.MyApplication.Main(String[] Args) in 17d14f5c-a337-4978-8281-53493378c1071.vb:Zeile 81.
       bei System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       bei System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       bei Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
       bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       bei System.Threading.ThreadHelper.ThreadStart()
  InnerException: System.ComponentModel.Win32Exception
       ErrorCode=-2147467259
       Message=Die Zertifikatskette wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt
       NativeErrorCode=-2146893019
       InnerException: 

How to repeat:
Any Visual Studio Application using MYSQL 5.088 and SSL. 

Suggested fix:
check NativeDriver.cs

[3 Jun 2011 14:19] Julio Casal
I'm finding it difficult to understand your issue. Please rephrase your problem by clearly stating what you are trying to do and what problem you are having with it. Also please include specific reproduction steps.

[3 Jul 2011 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
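
The inner exception in the report (NativeErrorCode -2146893019, which is 0x80090325, SEC_E_UNTRUSTED_ROOT) means the server certificate chains to a CA that Windows does not trust. The following is an added example, not code from Connector/NET or from this report: a stand-alone `RemoteCertificateValidationCallback` that logs why the chain was rejected and accepts an untrusted root only when it matches a pinned private CA. The class name and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example. PinnedCaThumbprint is a placeholder: replace it with the
// SHA-1 thumbprint of the CA (or self-signed certificate) used by your server.
static class PinnedCaValidator
{
    const string PinnedCaThumbprint = "<THUMBPRINT-OF-YOUR-PRIVATE-CA>";

    // Signature matches System.Net.Security.RemoteCertificateValidationCallback.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // chain is already trusted by the Windows store

        // A missing certificate or a host name mismatch is never accepted;
        // only a pure chain error is examined further.
        if (certificate == null || chain == null ||
            errors != SslPolicyErrors.RemoteCertificateChainErrors)
        {
            Console.Error.WriteLine("TLS rejected: " + errors);
            return false;
        }

        bool sawUntrustedRoot = false;
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            Console.Error.WriteLine("chain status: {0} ({1})",
                status.Status, status.StatusInformation.Trim());
            if (status.Status == X509ChainStatusFlags.UntrustedRoot)
                sawUntrustedRoot = true;
            else if (status.Status != X509ChainStatusFlags.NoError)
                return false; // expired, revoked, partial chain, bad signature...
        }
        if (!sawUntrustedRoot || chain.ChainElements.Count == 0)
            return false;

        // The last chain element is the root; accept only the pinned CA.
        X509Certificate2 root =
            chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return string.Equals(root.Thumbprint, PinnedCaThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

Installing the private CA in the Windows Trusted Root store makes the chain validate with `SslPolicyErrors.None`, in which case no pinning logic is needed.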