0 votes
by (120 points)

Hi I am evaluating Rebex TlsSocket to establish secured TLS1.2 MQTT connection with Aws IoT Hub. We have volume field devices and a successful trial should help us connect all the field devices with AWS IoT Hub.

I referred to this article and followed all steps https://forum.rebex.net/9807/how-to-use-tlssocket-directly?show=9807#q9807

Code:

this.tlsSocket = new TlsClientSocket();
tlsSocket.LogWriter = new Rebex.FileLogWriter(@"D:\log.txt",Rebex.LogLevel.Debug);
this.tlsSocket.Connect(new IPEndPoint(this.remoteIpAddress, this.remotePort));
tlsSocket.Parameters.Version = TlsVersion.TLS12;
//var cert = Certificate.LoadPfx("devicecert.pfx", "");
tlsSocket.Parameters.CertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(clientCert);
tlsSocket.Parameters.CertificateVerifier = CertificateVerifier.Default;
tlsSocket.ValidatingCertificate += new EventHandler<SslCertificateValidationEventArgs>(tlsSocket_ValidatingCertificate);

I am getting following error:

2023-05-23 00:12:00 INFO TlsSocket(54267293)[1] TLS: Performing client certificate authentication.
2023-05-23 00:12:00 DEBUG TlsSocket(54267293)[1] TLS: Error while processing TLS packet: System.Security.Cryptography.CryptographicException: Unable to create SHA256 hash using 楍牣獯景⁴湅慨据摥䌠祲瑰杯慲桰捩倠潲楶敤⁲ㅶ〮� (0x80090008).
   at ghric.xtdkc.wbbry(Byte[] p0, aippr p1)
   at Rebex.Security.Cryptography.AsymmetricKeyAlgorithm.SignHash(Byte[] hash, SignatureHashAlgorithm hashAlgorithm)
   at ghric.autbd.hwlnr(Byte[] p0, Int32 p1, Int32 p2, ivnfx p3)
   at ghric.autbd.fwlia(Byte[] p0, Int32 p1, Int32 p2)
   at ghric.yexzh.fcfxr(Byte[] p0, Int32 p1, Int32 p2)
   at ghric.yexzh.loqiv()
2023-05-23 00:12:01 INFO TlsSocket(54267293)[1] TLS: Fatal Alert:InternalError was sent.
2023-05-23 00:13:07 Opening log file.
2023-05-23 00:13:07 INFO FileLogWriter(1)[1] Info: Assembly: Rebex.Common R5.11 for .NET Compact Framework 3.5

My client Certificate file "devicecert.pfx does not have any password set. I am able to use same certificate on .NET 4.5 Windows to connect.

Applies to: Rebex TLS

1 Answer

0 votes
by (148k points)

PFX support is limited on .NET CF 3.5 on platforms that don't support SHA-2, which seems to be the case here.

As a workaround, load the certificate and the private key from files. To create those two files, load the PFX file on .NET 4.5 on Windows and convert it to a .cer/.pri file pair:

var cert = Certificate.LoadPfx("devicecert.pfx", password); 
cert.Save("devicecert.cer", CertificateFormat.Base64Der);
cert.SavePrivateKey("devicecert.key", password, PrivateKeyFormat.Base64Pkcs8, true);

Then, in .NET CF 3.5 application, load the certificate from those two files instead of the PFX:

var clientCert = Certificate.LoadDerWithKey("devicecert.cer", "devicecert.key", "password");
by (148k points)
I am sorry, but we cannot afford to support you for free, particularly on legacy platforms that are no longer officially supported at all! Ale, please note that the evaluation period for Rebex libraries is one month, not one year. When the trial period expired, you were supposed to either stop using Rebex TLS library, or purchase a license.

Additionally, if the following code does not produce any log file at all:
    var tlsSocket = new TlsClientSocket();
    tlsSocket.LogWriter = new Rebex.FileLogWriter(@"\\Flashdisk\\SandBag\\log.txt", Rebex.LogLevel.Debug);
    tlsSocket.Connect(new IPEndPoint(remoteIpAddress, remotePort));

Then it means that something is seriously wrong with the device or OS, and I'm afraid we can't really help you with that with no access to that particular device. Does an application running on the WinCE device indeed hang and not produce any log file if no other action is performed? And are you able to connect to the same endpoint using .NET's System.Net.Sockets.Socket class?
by (120 points)
Lukas, your point is valid! And there is no intention for misuse of libraries or Trial period.

There was a resourcing issue and it was difficult to find new resource for legacy technology, in the mean time other product development caught up.

Making a purchase is not a problem. Post purchase need your support to ensure smooth integration on above platform.


Awaiting your confirmation.
by (148k points)
The thing is, Window CE 6.0 reached end-of-life more than 6 years ago, and supporting it is getting more difficult for us as well. To make things even worse, Microsoft has unfortunately shut down MSDN TechNet forums for .NET CF and Windows CE, making the vast database of problems and solutions inaccessible.

But let's try...
- Are you able to reproduce the issue on other WinCE devices, or in an emulator?
- Make sure you are actually able to connect to the remote endpoint using .NET's System.Net.Sockets.Socket class. If this fails as well, Rebex libraries won't be able to connect either.
- Instead of using the TlsClientSocket from Rebex.Tls assembly, try using TlsSocket from Rebex.Networking assembly (and remove the Rebex.Tls assembly reference from the project). Does this make any difference?
by (120 points)
Hi Lukas,

I understand the concerns you have mentioned and we are also experiencing difficulty maintaining these legacy products.

I am testing on actual device i.e. Toradex VF50 running WinCE6

Test 1: Testing System.Net.Sockets.Socket
        public void Connect()
        {
            Console.WriteLine("Socket Connect...");
            this.socket = new Socket(this.remoteIpAddress.GetAddressFamily(), SocketType.Stream, ProtocolType.Tcp);
            // try connection to the broker
            this.socket.Connect(new IPEndPoint(this.remoteIpAddress, this.remotePort));
            Console.WriteLine("Done");

            //this.tlsSocket = new TlsClientSocket();
            //tlsSocket.LogWriter = new Rebex.FileLogWriter(@"log.txt", Rebex.LogLevel.Debug);
            //this.tlsSocket.Connect(new IPEndPoint(this.remoteIpAddress, this.remotePort));
            //tlsSocket.Parameters.Version = TlsVersion.TLS12;
            //tlsSocket.Parameters.CertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(clientCert);
            //tlsSocket.Parameters.CertificateVerifier = CertificateVerifier.Default;
            //tlsSocket.ValidatingCertificate += new EventHandler<SslCertificateValidationEventArgs>(tlsSocket_ValidatingCertificate);
            //tlsSocket.Parameters.CommonName = this.remoteHostName;


Output:
\flashdisk\sandbag> sandbag
Starting...
Loaded Certificates...
Get RSA parameters...
MQTT Client...
Subscribe...
Socket Connect...
Done

Inference:
This mean System.Net.Sockets.Socket Connect is ok

Test 2: Rebex.Tls.Co

        public void Connect()
        {
            Console.WriteLine("Socket Connect...");
            this.tlsSocket = new TlsClientSocket();
            tlsSocket.LogWriter = new Rebex.FileLogWriter(@"\\Flashdisk\\SandBag\\log.txt", Rebex.LogLevel.Debug);
            this.tlsSocket.Connect(new IPEndPoint(this.remoteIpAddress, this.remotePort));
            Console.WriteLine("Done");
            tlsSocket.Parameters.Version = TlsVersion.TLS12;
            tlsSocket.Parameters.CertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(clientCert);
            tlsSocket.Parameters.CertificateVerifier = CertificateVerifier.Default;
            tlsSocket.ValidatingCertificate += new EventHandler<SslCertificateValidationEventArgs>(tlsSocket_ValidatingCertificate);
            tlsSocket.Parameters.CommonName = this.remoteHostName;

Output:
\flashdisk\sandbag> sandbag
Starting...
Loaded Certificates...
Get RSA parameters...
MQTT Client...
Subscribe...
Socket Connect...

Inference:
Rebex.Tls.TlsClientSocket Connect is not proceeding

I also tried using Rebex.Net.TlsSocket but same result as Test 2
by (148k points)
- Is there anything in the log file at \Flashdisk\SandBag\log.txt?

- Are you able to reproduce the issue on other WinCE device, or in an emulator?

- If you put the tls.Connect call inside a try/catch(Exception error) block, and do Console.WriteLine(error) in the catch block, does this write anything to the output?
...