Webclient failing with SSL

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have this code in a web service:

m_webclient = New WebClient

Dim byteArray As Byte()

byteArray = m_webclient.DownloadData(url)

and this has worked for quite a while. But recently, my company added SSL to
the server and now, I get the error message, "Underlying connection was
closed. Unable to connec to remote server."

It seems as if SSL is the culprit. This code is executed from client
machines. I have the feeling I need to do something like

Dim mySP As ServicePoint =
ServicePointManager.FindServicePoint(url.ToString())
Dim policy As MyPolicy
ServicePointManager.CertificatePolicy() = New MyPolicy

(I know this code is wrong, but I'm hoping it's not too wrong. MyPolicy is
this class:
Public Class MyPolicy
Implements ICertificatePolicy

Public Function CheckValidationResult(ByVal srvPoint As
ServicePoint, _
ByVal cert As X509Certificate, ByVal request As
WebRequest, _
ByVal certificateProblem As Integer) _
As Boolean Implements
ICertificatePolicy.CheckValidationResult
'Return True to force the certificate to be accepted.
Return True
End Function
Public Function AcceptAllCertificatePolicy() As Boolean
Return True
End Function
End Class

====================

Any help is obviously gratefully and nearly eternally appreciated.

RON
 
Ron said:
I have this code in a web service:

m_webclient = New WebClient

Dim byteArray As Byte()

byteArray = m_webclient.DownloadData(url)

and this has worked for quite a while. But recently, my company added
SSL to the server and now, I get the error message, "Underlying
connection was closed. Unable to connec to remote server."

It seems as if SSL is the culprit. This code is executed from client
machines. I have the feeling I need to do something like

Dim mySP As ServicePoint =
ServicePointManager.FindServicePoint(url.ToString())
Dim policy As MyPolicy
ServicePointManager.CertificatePolicy() = New MyPolicy
Click to expand...

[...]

You're on the right track. Although you shouldn't use an "Accept All"
certificate policy in production, it will definitely show if this works at
all.

Cheers,
 
Ron said:
Thanks for the heads up, but two questions:

Could you help me adjust the track? This didn't work (yet). Are there
any code snippets to cut and paste?

Also, this code is only executed from a very protected enviornment,
from behind a firewall and only after the user has logged in (via
calls through Oblix to LDAP), so it seems rather protected. Under
this circumstance, is AcceptAll still appropriate? And if not, how
would I modify that?
Click to expand...

Well, you have to check why the certificate is being rejected by the .NET
FCL default policy. The default policy only accepts both valid and valid but
expired certificates. So there seems to be something wrong with that
certificate in the first place. Why use such a certificate in a production
environment?

Cheers,
 
The cert is brand new and fully tested. This is the first time any problem
have arisen, so that line of reasoning is not correct.

Also, I do not understand the mechanism involved. When I force a false
return value in both methods in my Policy class, the connection is still OK
and the cert is accepted. I have not been able to single step through the
Policy class (which just implements ICertificatePolicy). Tthat is to say, I
don't know what triggers these functions, but it seems that the mere
existence of this class object, a non-null object value for
ServicePointManager.CertificatePolicy() is sufficient for all certs to be
automatically accepted.

Or...perhaps, since I am running in design mode, some things are cached?

RON
 
Ron said:
The cert is brand new and fully tested. This is the first time any
problem have arisen, so that line of reasoning is not correct.
Click to expand...

So if you're accessing the site with a browser, it does not issue a warning?
Also, I do not understand the mechanism involved. When I force a false
return value in both methods in my Policy class, the connection is
still OK and the cert is accepted.
Click to expand...

Weird... um... ICertifictaePolicy has only one method
CheckValidationResult(). What do you mean by "both" methods?
I have not been able to single
step through the Policy class (which just implements
ICertificatePolicy). Tthat is to say, I don't know what triggers
these functions, but it seems that the mere existence of this class
object, a non-null object value for
ServicePointManager.CertificatePolicy() is sufficient for all certs
to be automatically accepted.
Click to expand...

Yes, that's how you set it. You should be able to put a breakpoint in there
and debug it.

Cheers,
 
Back
Top