5

After installing library MailKit and calling new SmtpClient().ConnectAsync(_settings.Server, _settings.Port, _settings.SSL); I get this error:

Access to the path '/var/www/.dotnet/corefx/cryptography/crls' is denied.

by the way, my project is located on /media/ProjectName. i tried perform this: sudo chmod -R 755 /var but i got permission error.

here is stacktrace:

at System.IO.UnixFileSystem.CreateDirectory(String fullPath)↵ at System.IO.Directory.CreateDirectory(String path)↵ at Internal.Cryptography.Pal.CrlCache.GetCachedCrlPath(X509Certificate2 cert, Boolean mkDir)↵ at Internal.Cryptography.Pal.CrlCache.DownloadAndAddCrl(X509Certificate2 cert, SafeX509StoreHandle store, TimeSpan& remainingDownloadTime)↵ at Internal.Cryptography.Pal.CrlCache.AddCrlForCertificate(X509Certificate2 cert, SafeX509StoreHandle store, X509RevocationMode revocationMode, DateTime verificationTime, TimeSpan& remainingDownloadTime)↵ at Internal.Cryptography.Pal.OpenSslX509ChainProcessor.BuildChain(X509Certificate2 leaf, HashSet1 candidates, HashSet1 downloaded, HashSet1 systemTrusted, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan& remainingDownloadTime)↵ at Internal.Cryptography.Pal.ChainPal.BuildChain(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout)↵ at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate)↵ at System.Net.Security.CertificateValidation.BuildChainAndVerifyProperties(X509Chain chain, X509Certificate2 remoteCertificate, Boolean checkCertName, String hostName)↵ at System.Net.Security.SecureChannel.VerifyRemoteCertificate(RemoteCertValidationCallback remoteCertValidationCallback)↵ at System.Net.Security.SslState.CompleteHandshake()↵ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)↵ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)↵ at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)↵ at System.Net.Security.SslState.ReadFrameCallback(AsyncProtocolRequest asyncRequest)↵--- End of stack trace from previous location where exception was thrown ---↵ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()↵ at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)↵ at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)↵ at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)↵ at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task`1 promise, Boolean requiresSynchronization)↵--- End of stack trace from previous location where exception was thrown ---↵ at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)↵ at MailKit.Net.Smtp.SmtpClient.Connect(String host, Int32 port, SecureSocketOptions options, CancellationToken cancellationToken)↵ at MailKit.MailService.<>c__DisplayClass41_0.b__0()↵ at System.Threading.Tasks.Task.Execute()↵--- End of stack trace from previous location where exception was thrown ---↵ at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)↵ at MyProject.Services.MessageService.d__4.MoveNext()↵--- End of stack trace from previous location where exception was thrown ---↵ at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)↵ at MyProject.Services.MessageService.d__5.MoveNext()

Improve this question
2
  • 1
    The call stack indicates that the code is trying to build and access a certificate cache. You can manually create the directory and grant the necessary permissions. Don't modify /var top directory as that's crazy. Commented Oct 31, 2016 at 0:02
  • thank you, @LexLi . I should have created this directory before writing this post. It works! Commented Oct 31, 2016 at 16:09

2 Answers 2

Reset to default
9

As Lex Li posted create directory /var/www/.dotnet/corefx/cryptography/crls and give rights to www-data group (if this is the group that runs your service)

sudo chgrp www-data /var/www/.dotnet/corefx/cryptography/crls

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

First, you need to recursively create the directory: mkdir -p /var/www/.dotnet/corefx/cryptography/crls
2

I was referring this guide. In the kestrel-hellomvc.service file replaced User=www-data with User=my-root-username and it worked. Hope it helps someone.

Improve this answer

1 Comment

does this mean the kestrel anonymous web server is running as root?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.