Bug #71536 .NET Connector SSL not working on Windows XP with BLANK Certificate Password
Submitted: 30 Jan 2014 23:02 Modified: 12 Feb 2015 6:51
Reporter: Trey Unspecified Email Updates:
Status: No Feedback Impact on me:
None 
Category:Connector / NET Severity:S1 (Critical)
Version:6.6.4 and 6.8.3 OS:Windows (XP and maybe Server 2003)
Assigned to: Assigned Account CPU Architecture:Any
Tags: .net Connector, CertificatePassword, SSL, windows xp

[30 Jan 2014 23:02] Trey Unspecified
Description:
If I use a PKCS12 cert/key file with the .net connector and that PKCS12 file does not have a password protecting the private key, I get an exception on Windows XP when calling the "Open" class instance method. The message is: "The specified network password is not correct" So far I have only seen this occur on Windows XP. It works as intended on Windows 7.

My C# connection code is:
StringBuilder Connection_String = new StringBuilder();

// build the connection string to test
Connection_String.Append("Pwd=");
Connection_String.Append(Password);

Connection_String.Append(";Uid=");
Connection_String.Append(User_Name);

Connection_String.Append(";Server=");
Connection_String.Append(Address_To_Try);

Connection_String.Append(";Port=3306;Connect Timeout=5;Pooling=false;");

if ((Path_TO_PKCS12_File != null) && (Path_TO_PKCS12_File.Length > 0))
{
	Connection_String.Append("CertificateFile=");
	Connection_String.Append(Path_TO_PKCS12_File);
	Connection_String.Append(";SSL Mode=Required;");
}

DB_Connection = new MySqlConnection();
DB_Connection.ConnectionString = Connection_String.ToString();

DB_Connection.Open();

How to repeat:
Use the C# code provided above, substituting valid strings for the variables: Password, User_Name, Address_To_Try, Path_TO_PKCS12_File; and run the program on Windows XP (all available .net versions and updates applied, though I am using version 2 for my project).

Finally make sure that the PKCS12 file (Variable: "Path_TO_PKCS12_File" above) does NOT have a password assigned to it.

Suggested fix:
After doing some research online (I did not examine any source code for the connector, so this may not be relevant):

At the site:
http://social.msdn.microsoft.com/Forums/vstudio/en-US/5e56bab7-3f13-4fe9-bac1-05ba20ce8dc7...

"X509Certificate2 has 2nd constructor which takes password. This is required for windows 2003 and below."

http://code.google.com/p/apns-sharp/issues/detail?id=36
http://www.codeproject.com/KB/WCF/wcfcertificates.aspx?msg=3248769
[12 Jan 2015 6:51] Chiranjeevi Battula
Hello Trey Unspecified,

Thank you for the bug report.
Please try with latest GA release 6.9.5, version 6.8.3 is old and many bugs were fixed since. Inform us if the issue still exists.

Thanks,
Chiranjeevi.
[13 Feb 2015 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".