How to ignore the self signed certificate error when using StreamSocket::UpgradeToSslAsync?

    Question

  • Hello, Dear all,

     

    I could do it with StreamSocket::ConnectAsync. The StreamSocket example has shown us how to do that. The typical steps are as follows:

    1. create a streamsocket;

    2. connect to remote server address;

    3. if there are ignorable cert errors, add them to the list of IgnorableServerCertificateErrors;

    4. do the connect again.

     

    But with UpgradeToSslAsync, it is totally another thing. After we get the ssl errors with UpgradeToSslAsync, I was told by the system that the socket has been closed. Unless I re-do the ConnectAsync, I would have no chance to call UpgradeToSslAsync again by ignoring the ssl certificate errors.

     

    It seems that my last choice is to set up the SSL connection directly in the ConnectAsync step instead of calling UpgradeToSslAsync (but this way is not recommended because we've done much with the connected socket before UpgradeToSslAsync). Could you please give me some advice?

     

    Thanks.


    • Edited by B0L Friday, April 18, 2014 9:58 AM
    Friday, April 18, 2014 9:22 AM


All replies

  • The standard way to establish connection is in the documentation, which seems to match the way that you don't think is recommended.  If it works, what's the problem with it?

    • Create the StreamSocket.
    • Get socket control data on a StreamSocketControl object using the Control property and set any properties before calling one of the ConnectAsync methods.
    • Call one of the ConnectAsync methods to establish a connection with the remote endpoint. If an SSL/TLS connection is required immediately, this can be specified using some of the ConnectAsync methods. If an SSL/TLS connection is desired after sending and receiving some initial data, then the UpgradeToSslAsync method can be called later to upgrade the connection to use SSL.
    • Get the OutputStream property to write data to the remote host.
    • Get the InputStream property to read data from the remote host.
    • Read and write data as needed.
    • Call the Close method to abort any pending operations and release all unmanaged resources associated with the StreamSocket object.

    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    Friday, April 18, 2014 12:26 PM
    Moderator
  • Hi, Matt,

    Thank you very much for the reply.

    Yeah, for ConnectAsync, we could ignore the cert error by re-doing the connection. But my test showed that the SSL cert error that occurred in UpgradeToSslAsync couldn't be ignored unless we re-create another socket.

    Would you please give me some hint?

    Thanks!

       
    Sunday, April 20, 2014 11:41 AM
  • This makes sense - if you try to connect to a socket which has an error (the certificate isn't trusted) then a new socket will be necessary if you decide to connect anyway.  Is this causing a major issue in your app?

    Matt Small - Microsoft Escalation Engineer - Forum Moderator

    • Marked as answer by B0L Tuesday, April 22, 2014 1:37 AM
    Monday, April 21, 2014 1:20 PM
    Moderator
  • Thanks, Matt.

     

    This behavior does bring some troubles to us as we are using ConnectAsync to create a plain socket, make some operations with it, then use UpgradeToSslAsync.

     

    So the conclusion is that we couldn't ignore the SSL cert errors with UpgradeToSslAsync. Once there is an SSL cert error when calling this guy, we will have no way to work around it. What we could do is to use ConnectAsync with an SSL connection directly, or require that the cert is a trusted one.

     

    Thanks.



    • Edited by B0L Tuesday, April 22, 2014 1:37 AM
    Tuesday, April 22, 2014 1:36 AM
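
The ConnectAsync route the thread settles on, written so that the retry tolerates only the error a self-signed certificate is expected to raise and then accepts only one known certificate. This is an added example, not code from the thread or from the Microsoft sample; the class name `PinnedTlsConnector`, the `Tolerated` list and the `pinnedSha256Hex` parameter (a thumbprint obtained out of band) are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Windows.Networking;
using Windows.Networking.Sockets;
using Windows.Security.Cryptography.Certificates;

static class PinnedTlsConnector   // hypothetical helper, not from the thread
{
    // Only the error a self-signed certificate is expected to raise is tolerated;
    // Expired, Revoked, InvalidName and the rest still fail the connection.
    static readonly ChainValidationResult[] Tolerated = { ChainValidationResult.Untrusted };

    // pinnedSha256Hex: SHA-256 thumbprint of the server certificate (caller-supplied).
    public static async Task<StreamSocket> ConnectAsync(
        HostName host, string service, string pinnedSha256Hex)
    {
        var socket = new StreamSocket();
        try
        {
            bool retry = false;
            try
            {
                await socket.ConnectAsync(host, service, SocketProtectionLevel.Tls12);
            }
            catch (Exception)
            {
                var info = socket.Information;
                retry = info.ServerCertificateErrorSeverity == SocketSslErrorSeverity.Ignorable
                    && info.ServerCertificateErrors.Count > 0
                    && info.ServerCertificateErrors.All(e => Tolerated.Contains(e));
                if (!retry) throw;   // network failure or a non-tolerated certificate error
            }
            if (retry)
            {
                foreach (var e in socket.Information.ServerCertificateErrors)
                    socket.Control.IgnorableServerCertificateErrors.Add(e);
                await socket.ConnectAsync(host, service, SocketProtectionLevel.Tls12);
            }
            // Chain validation may have been relaxed, so accept only the pinned certificate.
            byte[] hash = socket.Information.ServerCertificate.GetHashValue("SHA256");
            string actual = BitConverter.ToString(hash).Replace("-", "");
            if (!string.Equals(actual, pinnedSha256Hex, StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException("Server certificate does not match the pinned thumbprint.");
            return socket;
        }
        catch { socket.Dispose(); throw; }
    }
}
```

No application data is written before the thumbprint comparison succeeds, so a relaxed chain check never results in traffic to an unexpected certificate holder.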