SSL/TLS Handshake

  • Question

  • Hi everybody.

    I want to implement a client that communicates over SSL with a server using client certificates. I cannot access or change anything on the server. The SSL handshake must be implemented as in browsers: the client sends a request without a client certificate, the server sends a response and asks for a client certificate, the client searches for the "matching" client certificate(s) and sends it back to the server. If there are multiple "matching" certificates on the client, the user has to select the correct one in a popup window. This must be done this way because it must be "dynamic" and we cannot send a "fixed" client certificate.

    I have read through the MSDN documentation, but I didn't figure out how to do this. I don't think it's possible with the TcpClient/SslStream combination. Does anyone have a hint?

    Tuesday, October 20, 2009 2:03 PM

All replies

  • What kind of a server are you talking to? Is it FTP/HTTP or something else?

    If FTP/HTTP, then FtpWebRequest/HttpWebRequest already provide the SSL handshake.

    feroze
    --
    My blog
    Instruction on how to create a tracelog with your System.Net application
    Wednesday, October 21, 2009 3:43 AM
  • Hi Feroze

    It is an HTTP(S) server. I know that the handshake is implemented in the HttpWebRequest. But there you have to send the client certificate with the request, and I want to determine the client certificate depending on the server's trusted issuers, and if multiple certificates are valid I want to let the user choose which one to use.
    Friday, October 23, 2009 12:42 PM
  • Unfortunately, there is no callback mechanism in the HttpWebRequest so that it can call you back with the server certs and let you choose the certificate.

    It might be a good idea for a feature request.

    feroze
    • Marked as answer by Tobi1412 Sunday, October 25, 2009 11:49 AM
    Saturday, October 24, 2009 6:18 PM
  • Hi Feroze

    Thank you for helping. I have placed a request through Microsoft Connect (ID 502723).
    • Marked as answer by Tobi1412 Sunday, October 25, 2009 11:49 AM
    Sunday, October 25, 2009 11:48 AM
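
The selection flow described in the question, sketched with SslStream's LocalCertificateSelectionCallback, which receives the issuer names the server accepts. This is an added example, not code from anyone in the thread, and it works on a raw SslStream rather than HttpWebRequest, so the HTTP request would have to be written to the stream by hand. Assumptions: the host name is a placeholder, candidates come from the CurrentUser\My store, and the runtime is .NET Framework on Windows.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
static class ClientCertDemo
{
    // Keep certificates with a private key whose direct issuer the server named; an empty
    // list (no issuer hints sent) keeps all. Assumption: DNs compare as plain strings.
    static X509Certificate2Collection Matching(X509Certificate2Collection candidates, string[] issuers)
    {
        var result = new X509Certificate2Collection();
        bool any = issuers == null || issuers.Length == 0;
        foreach (X509Certificate2 c in candidates)
            if (c.HasPrivateKey && (any || issuers.Contains(c.Issuer, StringComparer.OrdinalIgnoreCase)))
                result.Add(c);
        return result;
    }
    static X509Certificate SelectClientCert(object sender, string targetHost,
        X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
    {
        // Assumption: the first call comes before the server has answered; returning null defers.
        if (remoteCertificate == null) return null;
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var valid = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
            var matches = Matching(valid, acceptableIssuers);
            if (matches.Count <= 1) return matches.Count == 1 ? matches[0] : null;
            // Several candidates: show the Windows certificate picker (System.Security.dll).
            var picked = X509Certificate2UI.SelectFromCollection(matches, "Client certificate",
                "Select the certificate to present to " + targetHost, X509SelectionFlag.SingleSelection);
            return picked.Count > 0 ? picked[0] : null;
        }
        finally { store.Close(); }
    }
    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "server.example"; // placeholder host name
        using (var tcp = new TcpClient(host, 443))
        using (var ssl = new SslStream(tcp.GetStream(), false, null, SelectClientCert)) // null = default server validation
        {
            ssl.AuthenticateAsClient(host);
            Console.WriteLine("Client certificate presented: " + (ssl.LocalCertificate != null));
        }
    }
}
```

The issuer filter only looks at each certificate's direct issuer, so a certificate chaining to an accepted CA through an intermediate is not matched.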