Connection problems when using SSL

Post by sumit » Thu 07 Oct 2010 17:56

I have tried this with the latest version of the drivers and an older version and the problem exists in all the versions...

Steps:

PREPARATION:
1. Configure db server to require SSL
2. Create two client applications that connect to the database and execute some query, one that runs as a Windows Service (LOCAL SYSTEM user account) and the other that runs as a web application (ASPNET user account on XP and Network Service user account on Win2k3)
3. The connection string just needs to use Protocol=Ssl. There is no need to specify a CA-Cert or client certs.

CASE 1: FAILS
1. Take an XP machine and go to your "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" folder and delete all files from there.
2. Start the Windows Service first. After a db connection is made, a new file (let's call it "x") is created in the MachineKeys folder.
3. Start the web application and notice the connection problems.
Cause: The web application tries to read the "x" file and has no access to it. It then tries to create a file under its own user profile (ASPNET user's profile) but fails because it picks the wrong folder location to do so.

It tries to create the file "x" under the following folder that does not exist:
C:\Documents and Settings\ASPNET\Application Data\Microsoft\Crypto\RSA\

The correct path should be:
C:\Documents and Settings\\ASPNET\Application Data\Microsoft\Crypto\RSA\


CASE 2: PASS
1. Take a Windows 2k3 machine and go to your "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" folder and delete all files from there.
2. Start the Windows Service first. After a db connection is made, a new file (let's call it "x") is created in the MachineKeys folder.
3. Start the web application and notice the connection passes.
Cause: The web application tries to read the "x" file and has no access to it. It then tries to create a file under its own user profile (Network Service user's profile) and succeeds.

It tries to create the file "x" under the following folder that does not exist:
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\

--------

We need a resolution to this behavior in the next few weeks because we offer SSL connectivity to the database and our product has Windows services and web clients that run on the same machine.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23
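
A diagnostic for the condition described in CASE 1, added here as an example and not part of the original thread or of dotConnect: it lists each file in the MachineKeys folder with its owner and whether the named accounts hold an explicit Allow or Deny ACE that includes read access. The folder path is the XP path quoted in the post; the account list, variable names and the Test-ReadAce helper are assumptions, and access inherited through a group is only reported for groups you list.

```powershell
# Added example (not from the thread). Run from an administrator prompt.
# Path is the XP location quoted in CASE 1; account names are assumptions.
$keyDir   = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys'
$accounts = @('NT AUTHORITY\SYSTEM', "$env:COMPUTERNAME\ASPNET",
              'NT AUTHORITY\NETWORK SERVICE', 'Everyone')
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Test-ReadAce($acl, [string]$account, [string]$type) {
    # True when the ACL holds an ACE of the given type (Allow or Deny) for
    # exactly this identity and the ACE includes the ReadData right.
    foreach ($ace in $acl.Access) {
        if ($ace.IdentityReference.Value -eq $account -and
            $ace.AccessControlType.ToString() -eq $type -and
            (([int]$ace.FileSystemRights) -band $readData) -ne 0) {
            return $true
        }
    }
    return $false
}

# One row per (key file, account), oldest file first, so the file created
# by the service right after the folder was emptied appears at the top.
Get-ChildItem -Path $keyDir -Force |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        $acl  = Get-Acl -Path $file.FullName
        foreach ($account in $accounts) {
            New-Object PSObject -Property @{
                Created   = $file.CreationTime
                File      = $file.Name
                Owner     = $acl.Owner
                Account   = $account
                AllowRead = Test-ReadAce $acl $account 'Allow'
                DenyRead  = Test-ReadAce $acl $account 'Deny'
            }
        }
    } |
    Sort-Object Created, Account |
    Format-Table Created, File, Owner, Account, AllowRead, DenyRead -AutoSize
```

A key file owned by the service account with AllowRead False for the web application's account matches the "no access" condition reported in the post.
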

Post by Shalex » Wed 13 Oct 2010 13:10

I have checked the 5.80.170 build of dotConnect for MySQL with Windows XP SP3 using the scenario you have described in CASE 1.
Windows Service (the Local System account) creates the key in this folder:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\
Web Application (IIS 5.1, the ASPNET user) generates the key here:
C:\Documents and Settings\\ASPNET\Application Data\Microsoft\Crypto\RSA\

1. Tell us your current build. You can find it via the Tools > MySQL > About menu of Visual Studio.
2. Both applications open the SSL connection in our environment successfully. Which results are you getting with the 5.80.170 build?
Shalex
Devart Team
 
Posts: 7460
Joined: Thu 14 Aug 2008 12:44

Post by sumit » Wed 13 Oct 2010 23:25

Interesting... I will try it again on the 5.80.170 version. I think I tried 5.20.x when we saw this issue.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Post by sumit » Thu 21 Oct 2010 16:02

Tried and it works with build 5.80.170. Thanks.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23
