When validating server certificate: The underlying connection was closed: An unexpected error occurred on a send

  • Question

  • Hi guys.

    I'm trying to connect to a service that has a certificate validation in order to get the information. The certificate was provided and doesn't have a usual trusted root, but the root certificate was also provided.

    I'm trying to connect to the service using an HttpWebRequest:

    HttpWebRequest http = (HttpWebRequest)WebRequest.Create(address);
    X509Certificate2Collection collection = new X509Certificate2Collection()
    {
       new X509Certificate2(@".\cert.pfx", certpassword),
       new X509Certificate2(@".\issuing.cer"),
       new X509Certificate2(@".\rootca.cer")
    };
    
    http.AllowWriteStreamBuffering = false;
    
    ServicePointManager.FindServicePoint(address);
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.DefaultConnectionLimit = 9999;
    ServicePointManager.MaxServicePointIdleTime = int.MaxValue;
    ServicePointManager.CheckCertificateRevocationList = false;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
    ServicePointManager.ServerCertificateValidationCallback += (sender, mycert, chain, sslPolicyErrors) =>
    {
       return true;
    };
    
    http.ClientCertificates.Clear();
    http.ClientCertificates = collection;
    http.ServerCertificateValidationCallback += (sender, mycert, chain, sslPolicyErrors) =>
    {
       return true;
    };
    
    http.KeepAlive = false;
    string responseStr;
    WebResponse response = http.GetResponse();
    using (StreamReader sr = new StreamReader(response.GetResponseStream()))
    {
       responseStr = sr.ReadToEnd();
    }

    What I get is an exception stating "The underlying connection was closed: An unexpected error occurred on a send". The inner message is: "Authentication failed because the remote party has closed the transport stream."

    Because it is a send failure, I've tried this: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/understanding-webrequest-problems-and-exceptions

    What am I missing here guys?

    All help needed.

    Thanks in advance,

    David

    Monday, October 15, 2018 6:52 PM

All replies

  • Hi David,
    From your description and code
    >>The certificate was provided and doesn't have a usual trusted root, but the root certificate was also provided
    If the server uses the certificate as the identity, I think the client should specify the CertificateValidationMode (although your ServerCertificateValidationCallback validation function always returns true). It depends on where the server certificate is put in. If the certificate is put in the person store:

    client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
        System.ServiceModel.Security.X509CertificateValidationMode.None;


    Besides, you did not mention how the client credentials were validated. It depends on the server configuration.
    https://i.stack.imgur.com/fug3e.jpg
    I suggest you use the client proxy class to test the service by adding the service reference, and then use HttpWebRequest to send a request.
    Feel free to contact me if you have any problem.
    Best Regards
    Abraham


    Wednesday, October 17, 2018 3:34 PM
    Moderator
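
A validation callback that trusts only the supplied private root, instead of returning true for every certificate. This is an added example, not code from either post: the class and method names are hypothetical, the file names are the ones in the question, and revocation checking is skipped only because the question disables it.

```csharp
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PrivateRootValidation   // hypothetical helper, not from the thread
{
    // Assumption: the same .cer files the question loads from the working directory.
    static readonly X509Certificate2 Root = new X509Certificate2(@".\rootca.cer");
    static readonly X509Certificate2 Issuing = new X509Certificate2(@".\issuing.cer");

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain platformChain, SslPolicyErrors errors)
    {
        // A missing certificate or a host name mismatch is never acceptable.
        if (cert == null) return false;
        const SslPolicyErrors fatal = SslPolicyErrors.RemoteCertificateNotAvailable
                                    | SslPolicyErrors.RemoteCertificateNameMismatch;
        if ((errors & fatal) != 0) return false;

        // Rebuild the chain ourselves so the private CA certificates are available.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(Issuing);
            chain.ChainPolicy.ExtraStore.Add(Root);
            // Assumption: no CRL is reachable (the question turns CRL checking off).
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Tolerate only "root is not in the machine trust store".
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;

            if (!chain.Build(new X509Certificate2(cert))) return false;

            // Expired, wrong usage, partial chain, bad signature, etc. all fail.
            bool otherErrors = chain.ChainStatus.Any(s =>
                s.Status != X509ChainStatusFlags.NoError &&
                s.Status != X509ChainStatusFlags.UntrustedRoot);
            if (otherErrors) return false;

            // AllowUnknownCertificateAuthority accepts any self-signed root,
            // so the top of the chain must be exactly the root we were given.
            var top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return top.RawData.SequenceEqual(Root.RawData);
        }
    }
}
```

Assign it with `http.ServerCertificateValidationCallback = PrivateRootValidation.Validate;` on the request rather than process-wide on ServicePointManager, so other connections keep default validation.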