| SecureSocket.RemoteCertificate |
|
|
by Matt Frame [mdframe at sorvive dot com]
posted on 2003/10/15 |
|
First, let me say thank you for providing a library of this caliber!
Secondly, I have never worked with socket routines so forgive me as being a newbie and asking dumb questions.
I am in a situation where I need to write a custom listener that uses SSL and Client Certificates for transfering data. Your package looks like it can do all of this now I just need to learn how.
I am working with your WebServer.cs sample and I am trying to have it accept a connection from my existing test app that sends a POST. I see the header information in the query variable and I even see the conent length, problem is I don't know where to get the content of the POST.
I also need to get the client certificate that was sent and I was trying to use RemoteCertificate but I am getting <undefined> so apparently I am not doing something correct. This client app is used to test items against a WebMethods system and they say the get my client certificate so I assume it is sending everything correctly.
Can you tell me what objects I need to set to get the content and the client certificate in WebServer.cs? This level of programming is very new to me and I appreciate any help you can give.
Thanks,
Matt |
by Matt [mdframe at sorvive dot com]
posted on 2003/10/15 |
|
I have figured out the problem with the POST, need to keep receiving data until you are at the end of the POST '\0\0\0\0'.
I am still unable to get the client certificate that was sent. |
by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/10/15 |
|
If a server wants the client to send a client certificate, it must explicitly ask it. In Security Library terms, you must specify the SecurityFlags.MutualAuthentication value in the SecurityOptions instance you pass to the SecureSocket.
If you've set the CredentialVerification to CredentialVerification.Manual, the library will call your verification delegate as soon as it receives the client certificate. If you have specified CredentialVerification.Auto or AutoWithoutCName, the library will automatically verify the certificate and close the connection if it is an untrusted certificate.
I took a look at the RemoteCertificate property that you mentioned, and it appears there's a bug in it that causes the property to always return null, even if the library has received a remote certificate. I'll make sure that bug is removed in the next version of the library.
In the mean time, I would suggest you use the CredentialVerification.Manual option. You'll have to create a delegate method that will be called when the remote certificate has arrived. |
by Matt [mdframe at sorvive dot com]
posted on 2003/10/15 |
|
Pieter,
Thanks for the help I really need it.
As for the options go do I just add it to your sample options in the WebServer.cs?
Also I do not know how to code a delegate for CredentialVerification.Manual option. Do you have a quick sample that shows this?
Thanks,
Matt |
by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/10/15 |
|
Sure, you can start from the WebServer example, however keep in mind that it was designed to be an easy example of the security library. It was not designed to be a full fledged HTTP server.
As for the delegate, take a look at the WebClient example. It has a credential verification delegate named 'OnVerify'. |
by Matt [mdframe at sorvive dot com]
posted on 2003/10/15 |
|
I understand that your sample is just that. I am just trying to use it to discover how everything works.
I added the recommended pieces and the program never enters the delegate function. Here is what I have:
// initialize a SecurityOptions instance
SecurityOptions options = new SecurityOptions(sp, cert, ConnectionEnd.Server);
options.VerificationType = CredentialVerification.Manual;
options.Flags = SecurityFlags.MutualAuthentication;
options.Verifier = new CertVerifyEventHandler(OnVerify);
// create a new SecureSocket with the above security options
SecureSocket s = new SecureSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp, options);
Do I need to specify additional options to the SecurityOptions object to get the delegate to become active? As I said before sockets is comletely new to me. |
by Matt [mdframe at sorvive dot com]
posted on 2003/10/16 |
|
Apparently the problem stems from the certificate as I have Microsoft working on a problem for me with certificates. |
by darko [darko dot zajdela at kiss dot si]
posted on 2004/07/23 |
|
i have same problem.
i'm using webserver sample.
i have inserted code:
options.CommonName = "10.8.20.126"
options.VerificationType = CredentialVerification.Auto;
options.Flags = SecurityFlags.MutualAuthentication; options.Verifier = new CertVerifyEventHandler(OnVerify);
when i conect to server using
https://localhost:port IE sends empty certificate (it can not be verified).
If i skip code in OnVerify function tha page is displayed.
i have no certificates installed and webserver is using server.pfx certificate.
i would liek IE to popup window for selecting certificate. what's wrong in my case? what should i do?
thank you for your answer. |
by darko [darko dot zajdela at kiss dot si]
posted on 2004/07/24 |
|
i also tried
options.VerificationType = CredentialVerification.Manual;
|
