Unanswered SSL Client Certificate handshake not successful

  • Monday, January 30, 2012 4:01 PM
     

    I am using URLmon-provided functions on Windows CE to access an HTTPS location.

    I've implemented a thin wrapper for IBindStatusCallback to allow for the SSL Client Cert dialog to pop up.

     

    HttpTransfer::BeginningTransaction(url=https://server:8443/?552751412, additionalHeaders=00bee95c)
    headers:
    Accept-Encoding: gzip, deflate
    User-Agent: app (Alpha)
    Accept: application/xml
    
    HttpTransfer::QueryInterfaceHelper({4f9f9fcb-e0f4-48eb-b7ab-fa2ea9365cb4})
    HttpTransfer::OnProgress(statusCode=1(BINDSTATUS_FINDINGRESOURCE), statusText=server)
    HttpTransfer::OnProgress(statusCode=2(BINDSTATUS_CONNECTING), statusText=xxx.x.70.89)
    HttpTransfer::OnProgress(statusCode=11(BINDSTATUS_SENDINGREQUEST), statusText=(null))
    HttpTransfer::OnProgress(statusCode=3(BINDSTATUS_REDIRECTING), statusText=https://portal.server/LAGBroker?c=secure/x509/email/app/uri&%22https://server:8443/?552751412%22)
    HttpTransfer::OnProgress(statusCode=1(BINDSTATUS_FINDINGRESOURCE), statusText=portal.server)
    HttpTransfer::OnProgress(statusCode=2(BINDSTATUS_CONNECTING), statusText=212.4.xx.xx)
    HttpTransfer::OnProgress(statusCode=11(BINDSTATUS_SENDINGREQUEST), statusText=(null))
    HttpTransfer::OnProgress(statusCode=38(BINDSTATUS_COOKIE_STATE_ACCEPT), statusText=(null))
    HttpTransfer::OnProgress(statusCode=3(BINDSTATUS_REDIRECTING), statusText=https://portal.server/nesp/app/plogin?c=secure/x509/email/app/uri&%22https://portal.server:443/LAGBroker?%22https://server:8443/?552751412%22%22)
    HttpTransfer::OnProgress(statusCode=34(BINDSTATUS_COOKIE_SENT), statusText=(null))
    HttpTransfer::OnProgress(statusCode=11(BINDSTATUS_SENDINGREQUEST), statusText=(null))
    HttpTransfer::OnProgress(statusCode=38(BINDSTATUS_COOKIE_STATE_ACCEPT), statusText=(null))
    HttpTransfer::OnProgress(statusCode=3(BINDSTATUS_REDIRECTING), statusText=https://app2.server/nidp/idff/sso?RequestID=idxu7a2YyxmvUKkxjdwDVOcwqAXzA&MajorVersion=1&MinorVersion=2&IssueInstant=2012-01-30T15%3A54%3A59Z&ProviderID=https%3A%2F%2Fportal.server%3A443%2Fnesp%2Fidff%2Fmetadata&RelayState=MA%3D%3D&consent=urn%3Aliberty%3Aconsent%3Aunavailable&ForceAuthn=false&IsPassive=false&NameIDPolicy=onetime&ProtocolProfile=http%3A%2F%2Fprojectliberty.org%2Fprofiles%2Fbrws-art&target=https%3A%2F%2Fportal.server%3A443%2FLAGBroker%3F%2522https%3A%2F%2Fserver%3A8443%2F%3F552751412%2522&AuthnContextStatementRef=secure%2Fx509%2Femail%2Fapp%2Furi&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=AX4YdVGNq1PdLUsH8v6I0fx4K44Zdxp5F4hdMXVxf5GaDn2FUemvrpy4DsCRwC187BZ%2Ffhyog9yffH9fA4Bzp4uhsr7o06iuUQR7Dj%2B%2FFwROrglr9DLV82xGHC%2Byn22N3I2mpo%2B4UG4RVBzK4zGjos5aGBFov8%2BnaDCva8ZCud%2FP2mEdAf5xFDiHoVAYy0wQ%2Bfay9zFS1CoBJqu8P%2BQT4GfQh6qltWGpJ1vK59%2FUw3iJOm4WoessB7oPAe0nmhMkdtqBwbfO3U
    HttpTransfer::OnProgress(statusCode=1(BINDSTATUS_FINDINGRESOURCE), statusText=idp.server)
    HttpTransfer::OnProgress(statusCode=2(BINDSTATUS_CONNECTING), statusText=xxx.x.70.91)
    HttpTransfer::OnProgress(statusCode=11(BINDSTATUS_SENDINGREQUEST), statusText=(null))
    HttpTransfer::QueryInterfaceHelper({79eac9d7-bafa-11ce-8c82-00aa004ba90b})
    HttpTransfer::OnSecurityProblem(problem=12044, ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED)
    HttpTransfer::GetWindow(reason={79EAC9D7-BAFA-11CE-8C82-00AA004BA90B})
    Load module: netui.dll
    Load module: iphlpapi.dll
    Load module: ceddk.dll
    HttpTransfer::OnProgress(statusCode=2(BINDSTATUS_CONNECTING), statusText=xxx.x.70.91)
    HttpTransfer::OnProgress(statusCode=11(BINDSTATUS_SENDINGREQUEST), statusText=(null))
    HttpTransfer::OnProgress(statusCode=38(BINDSTATUS_COOKIE_STATE_ACCEPT), statusText=(null))
    HttpTransfer::OnStopBinding(result=800c0008, errorText=(null))
    

    However, calling the same URL in the IE browser results in a successful download after the certificate is chosen. The same dialog pops up and the download finishes.

    Any idea what MS is doing differently in their IE implementation of the IBindStatusCallback?

    Could this be a threading issue? I am calling this on a background thread and not the main UI thread.


    • Edited by phil_ke Monday, January 30, 2012 4:02 PM

All Replies

  • Wednesday, February 01, 2012 6:32 AM
    Moderator
     
     

    Hi,

     

    Would you please provide us with some code for your issue?

     

    It is not necessary that you send out the whole of your project. We just need the simplest sample to reproduce the problem. You can remove any confidential information or business details from it.

     

    Best regards,

    Jesse


    Jesse Jiang [MSFT]
  • Wednesday, February 01, 2012 6:40 AM
     
     

    Hello Jesse,

    Thanks for your response. This issue is driving me crazy. I will put together a sample project and provide you with a download link.

  • Wednesday, February 15, 2012 6:11 AM
     
     

    Hello again Jesse,

    I managed to create a sample project to reproduce the error. It will print a trace to the debug output and try to download a file.

    To recreate the environment you need an SSL server that requests a client certificate (which should pop up a dialog for the user to select the client cert).

    I hope you can find the flaw in our code.

    Please find the source code here:

    http://www.mediafire.com/?rgjyvnbc3cjpiij