How to use UpgradeToSslAsync correctly on a connected StreamSocket?

    Question

  • Dear all, my scenario is that:

    If I don't use proxy and connect to the remote server directly with SocketProtectionLevel::Ssl, it could always succeed and I could send/recv data through the socket.

    If I connect to a remote server through a proxy, I must connect to the proxy first with SocketProtectionLevel::PlainSocket. Both the proxy and the remote server belong to our company and we can access the remote server via the proxy (I've double-checked through IE). This connection succeeds, and sending/receiving some data through the socket has been successful. But when I use UpgradeToSslAsync with the parameters SocketProtectionLevel::Ssl and the remote server, something is wrong. The following code is taken from my program:

          HostName ^hostName = ref new HostName(remoteServer);
          IAsyncAction ^upgradeAction = sock->UpgradeToSslAsync(
             Windows::Networking::Sockets::SocketProtectionLevel::Ssl, hostName);

          upgradeAction->Completed = ref new AsyncActionCompletedHandler([=](IAsyncAction^ a, AsyncStatus astat)
          {
             if (astat == AsyncStatus::Error) {
                Dprintf(1, "%s:Upgrade Failed\n", __FUNCTION__);
             }
             SetEvent(mUpgradeCompleteEvent);
          });

    sock is the StreamSocket which is used to connect to the proxy. There is no exception for this code. But from the log I can see that "Upgrade Failed" is printed, while I found that the ProtectionLevel of sock has been changed from PlainSocket to Ssl. So I don't know where the problem is.

    Another confusing thing is that whatever the remote server is (either valid or invalid), the log "Upgrade Failed" will always be printed...

    What gets me into trouble is that after the upgrade, if I want to send something through the socket, I always get an exception such as "Exception:0x80000013". I don't know what is wrong with the DataWriter.

    I am wondering whether, before UpgradeToSslAsync is called, we should stop all the send/recv routines?

    There have been some discussions, but none of them is of any help, for example:

    http://social.msdn.microsoft.com/Forums/windowsapps/en-US/296f23d3-6143-4b9f-b92b-4a866fddf4bd/schannel-by-using-upgradesllasync-a-few-issues

    http://social.msdn.microsoft.com/Forums/windowsapps/en-US/72c9bccc-bf72-4f2d-be35-3d60ee0094c2/how-to-use-streamsocket-after-calling-upgradetosslasync

    http://social.msdn.microsoft.com/Forums/windowsapps/en-US/da535c7a-1f9b-4890-a74c-c71e4256c771/perform-upgradetosslasync-on-a-streamsocket-without-revocation-check

    The InputStreamOptions of the DataReader is set as InputStreamOptions::Partial.

    I do believe that the certificate is correct and CA-issued.

    I couldn't provide the whole source code as it is not allowed to be published. So could anyone here also provide some test code that works well? Thank you very much.

    I am eagerly looking forward to your kind replies....

    • Edited by B0L Thursday, June 20, 2013 3:46 AM
    Thursday, June 20, 2013 2:55 AM

Answers

  • You said your certificate validation & verification portion is OK. So I am not talking about this.

    -> Please look at the exact reason the connection failed. You can check the HRESULT value in a try-catch block.

    -> If you would like to upgrade an existing connection into a secured one, you have to ensure that no I/O operation is running during the upgrade.

    -> For debugging purposes, you can try to initiate a secured connection directly instead of upgrading it.

    Friday, June 21, 2013 6:10 AM

All replies

  • Anybody here? Thanks in advance...
    Friday, June 21, 2013 12:57 AM
  • There are some important findings from the latest debugging of UpgradeToSslAsync:

          IAsyncAction ^upgradeAction = sock->UpgradeToSslAsync(
             Windows::Networking::Sockets::SocketProtectionLevel::Ssl, hostName);

    If I call upgradeAction->GetResults(), I get an exception saying: Win RT information:  I/O operations in progress.

    I think when UpgradeToSslAsync is called, the DataWriter/DataReader is still working. I've tried to cancel the read/write operation but that doesn't help at all.

    I hope this info could give some hints to anyone else hitting the same issue as me.

    I am still looking forward to any response. Thanks.

    Friday, June 21, 2013 1:23 AM
  • Thank you very much for the reply. Yeah, the root cause is exactly that I've initiated the async read operation. If I didn't start this operation, the upgrade could succeed.

    Monday, July 01, 2013 9:13 AM
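The sequence the thread converges on (plain connection to the proxy, every read and write finished, then UpgradeToSslAsync against the remote server's own name, then fresh DataReader/DataWriter objects), as an added C++/CX example that is not code from any of the posters. It assumes an HTTP CONNECT proxy at proxyHost:proxyPort and a remote server remoteServer offering TLS on port 443 once the tunnel is up; the function names ConnectThroughProxyAndUpgrade, ReadHeaderBlock and ConnectAndReport are hypothetical.

```cpp
// Added example, not code from the original thread.
// C++/CX with PPL tasks. Assumptions: an HTTP CONNECT proxy listening at
// proxyHost:proxyPort, and a remote server remoteServer that speaks TLS on
// port 443 once the tunnel is up. Function names are hypothetical.
#include <ppltasks.h>
#include <string>

using namespace Platform;
using namespace Windows::Networking;
using namespace Windows::Networking::Sockets;
using namespace Windows::Storage::Streams;
using namespace concurrency;

// Reads the proxy's response header block one byte at a time until the blank
// line. Each LoadAsync is awaited before the next one is issued, so when the
// returned task completes there is no read outstanding on the socket.
static task<String^> ReadHeaderBlock(DataReader^ reader, std::wstring acc)
{
    return create_task(reader->LoadAsync(1))
    .then([reader, acc](unsigned int loaded) mutable -> task<String^> {
        if (loaded == 0)
            throw ref new FailureException(ref new String(L"proxy closed the connection"));
        acc.push_back(static_cast<wchar_t>(reader->ReadByte()));
        bool complete = acc.size() >= 4 && acc.compare(acc.size() - 4, 4, L"\r\n\r\n") == 0;
        if (complete)
            return task_from_result(ref new String(acc.c_str()));
        return ReadHeaderBlock(reader, acc);
    });
}

// Connects to the proxy in the clear, asks it for a tunnel to remoteServer,
// and only then upgrades the same StreamSocket to TLS. Completes with the
// upgraded socket; any failure surfaces as a Platform::Exception^ when the
// caller calls task::get().
task<StreamSocket^> ConnectThroughProxyAndUpgrade(String^ proxyHost, String^ proxyPort, String^ remoteServer)
{
    auto sock = ref new StreamSocket();
    auto remoteName = ref new HostName(remoteServer);
    auto reader = ref new DataReader(sock->InputStream);
    reader->InputStreamOptions = InputStreamOptions::Partial;
    auto writer = ref new DataWriter(sock->OutputStream);

    // 1. Plain TCP to the proxy. The proxy only carries bytes; TLS is
    //    negotiated end to end with remoteServer in step 4.
    return create_task(sock->ConnectAsync(ref new HostName(proxyHost), proxyPort,
                                          SocketProtectionLevel::PlainSocket))
    .then([writer, remoteServer]() {
        // 2. Request the tunnel and wait for the write to be flushed.
        std::wstring target = std::wstring(remoteServer->Data()) + L":443";
        std::wstring request = L"CONNECT " + target + L" HTTP/1.1\r\nHost: " + target + L"\r\n\r\n";
        writer->WriteString(ref new String(request.c_str()));
        return create_task(writer->StoreAsync());
    })
    .then([reader](unsigned int /*bytesStored*/) {
        // 3. Read the proxy's reply to completion, so no LoadAsync is pending afterwards.
        return ReadHeaderBlock(reader, std::wstring());
    })
    .then([sock, reader, writer, remoteName](String^ reply) {
        if (std::wstring(reply->Data()).find(L" 200 ") == std::wstring::npos)
            throw ref new FailureException(String::Concat(ref new String(L"proxy refused CONNECT: "), reply));
        // Nothing is in flight now: the write completed and the last read
        // returned. Release the stream wrappers before the upgrade.
        reader->DetachStream();
        writer->DetachStream();
        // 4. TLS handshake over the existing connection. remoteName is the name
        //    the server certificate is validated against, so it must be the
        //    real server, never the proxy.
        return create_task(sock->UpgradeToSslAsync(SocketProtectionLevel::Ssl, remoteName));
    })
    .then([sock]() {
        // 5. The caller creates fresh DataReader/DataWriter objects over
        //    sock->InputStream / sock->OutputStream, which are now encrypted.
        return sock;
    });
}

// Caller: turns a failure into a readable HRESULT and SocketErrorStatus
// instead of a bare "Upgrade Failed" log line.
void ConnectAndReport(String^ proxyHost, String^ proxyPort, String^ remoteServer)
{
    ConnectThroughProxyAndUpgrade(proxyHost, proxyPort, remoteServer)
    .then([](task<StreamSocket^> t) {
        try {
            StreamSocket^ upgraded = t.get();
            // Use upgraded with new DataReader/DataWriter instances from here on.
            (void)upgraded;
        }
        catch (Exception^ ex) {
            SocketErrorStatus status = SocketError::GetStatus(ex->HResult);
            // status names the category (for example a certificate problem);
            // ex->HResult is the exact code to look up.
            (void)status;
        }
    });
}
```

Two points worth keeping in mind when adapting this. The "I/O operations in progress" error in the thread comes from a LoadAsync (or StoreAsync) that was issued and never completed before UpgradeToSslAsync; cancelling it is not enough, the operation has to have finished, which is why every read above is awaited to completion. And the HostName passed to UpgradeToSslAsync is what the server's certificate is checked against, so passing the proxy's name, or falling back to PlainSocket to make the error go away, silences the failure by removing the check rather than fixing it; read the HRESULT first.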