HTTP API and SSL - connection closed without SSL handshake RRS feed

  • Question

  • Hi,

    I'm trying to use HTTP API with SSL in a server but I'm running into some problems. I don't receive any error, but when a client tries to connect, the TCP hanshake takes place correctly (I was sniffing the network), the client sends SSL hello message, and then the server sends a TCP FIN message as if it had closed the socket without having sent any SSL message back to the client.

    Probably there is some info I'm lacking ...

    There are some questions about the parameters that I have to enter and probably that's the root of my problem:

    1-From where I can get the GUID: configSSLSet.ParamDesc.AppId

    2-Is configSSLSet.ParamDesc.pSslHash the thumbnail of the server certificate?

    3-Is configSSLSet.ParamDesc.pSslCertStoreName the complete path to the key store where the server key is stored? How is the appropriate key identified?

    Thanks in advance, part of the code is below:

      ULONG      retCode;
      HANDLE     hReqQueue   = NULL;
      int       UrlAdded    = 0;
    	int urlnum;
    	wchar_t *urls[10];
      sockaddr_in addr; 
    	char *orig = "";
      // Convert to a wchar_t*
      size_t origsize = strlen(orig) + 1;
    	size_t convertedChars = 0;
      wchar_t wcstring[200];
      mbstowcs_s(&convertedChars, wcstring, origsize, orig, _TRUNCATE);
    	char *keypath = "server1.cer";
    	origsize = strlen(keypath) + 1;
    	convertedChars = 0;
    	wchar_t wcKeypath[200];
      mbstowcs_s(&convertedChars, wcKeypath, origsize, keypath, _TRUNCATE);
    	urls[0] = argv[0];
      if (argc < 2)
        wprintf(L"%ws: <Url1> [Url2] ... \n", argv[0]);
    		urls[1] = wcstring;
    		urlnum = 1;
        //return -1;
      // Initialize HTTP Server APIs
      retCode = HttpInitialize( 
            NULL            // Reserved
      if (retCode != NO_ERROR)
        wprintf(L"HttpInitialize failed with %lu \n", retCode);
        return retCode;
      memset((char *)&addr, 0, sizeof(struct sockaddr_in));
      addr.sin_addr.s_addr = inet_addr("");  //0x0100007f; // 
    	if (INADDR_NONE == addr.sin_addr.s_addr)
    		printf("ERROR: converting address\n");
      addr.sin_family = AF_INET; 
      addr.sin_port = htons(LISTEN_PORT); 
      //BYTE hash[] = { 0xfc, 0x93, 0x12, 0x12, 0x71, 0x6b, 0xa1, 0x8d, 0xd2, 0x15, 0x0d, 0xd7, 0xf9, 0x5b, 0xf0, 0x44, 0x09, 0xf4, 0x0d, 0x65 }; 
    	BYTE hash[] = {0xd5 ,0x91 ,0x23 ,0xc7 ,0xdc ,0x3e ,0x2a ,0x18 ,0x93 ,0xbf ,0x49 ,0x7b ,0x8f ,0x77 ,0xca ,0x6c ,0x87 ,0x5f ,0xdd ,0x03};
    	//BYTE hash[] = {0xC3,0xBB,0xC9,0x2B,0x96,0xB5,0xAE,0xC9,0x37,0x95,0x14,0x06,0xD0,0xA7,0x16,0x7E};
    	memset(&configSSLSet, 0, sizeof(HTTP_SERVICE_CONFIG_SSL_SET));
    	typedef struct _GUID { 
    		DWORD Data1; 
    		WORD Data2; 
    		WORD Data3; 
    		BYTE Data4[8];
    	} GUID;
    	GUID appid = {0x890D7C50, 0xADB9, 0x4611, {0x99,0x40,0xC7,0x58,0x8C,0xC1,0x5B,0xAC}};       //{890D7C50-ADB9-4611-9940-C7588CC15BAC}
    	printf("%2.2X-%2.2X-%2.2X-%2.2X-\n", appid.Data4[0], appid.Data4[1], appid.Data4[2], appid.Data4[3]);
      configSSLSet.KeyDesc.pIpPort = (PSOCKADDR)&addr;
      configSSLSet.ParamDesc.pSslHash = (PVOID)hash; 
      configSSLSet.ParamDesc.AppId = appid; 
      configSSLSet.ParamDesc.DefaultCertCheckMode = 0; 
      configSSLSet.ParamDesc.DefaultRevocationFreshnessTime = 0; 
      configSSLSet.ParamDesc.DefaultRevocationUrlRetrievalTimeout = 0; 
      configSSLSet.ParamDesc.pSslCertStoreName = 0; //wcKeypath; // defaults to "MY" 
      configSSLSet.ParamDesc.SslHashLength = sizeof(hash); 
      // not sure if this is necessary; the .NET examples do this 
     /*  LPVOID pAlloc = CoTaskMemAlloc(sizeof(configSSLSet)); 
      memcpy( pAlloc, &configSSLSet, sizeof(configSSLSet) ); */
      retCode = HttpSetServiceConfiguration(0,HttpServiceConfigSSLCertInfo,&configSSLSet,sizeof(HTTP_SERVICE_CONFIG_SSL_SET),NULL); 
      wprintf(L"HttpSetServiceConfiguration = %lu \n", retCode); 
    	  retCode = HttpDeleteServiceConfiguration(0,HttpServiceConfigSSLCertInfo,&configSSLSet,sizeof(HTTP_SERVICE_CONFIG_SSL_SET),NULL); 
    		wprintf(L"HttpSetServiceConfiguration = %lu \n", retCode); 
    		if (NOERROR == retCode)
    		  retCode = HttpSetServiceConfiguration(0,HttpServiceConfigSSLCertInfo,&configSSLSet,sizeof(HTTP_SERVICE_CONFIG_SSL_SET),NULL); 
    			wprintf(L"HttpSetServiceConfiguration = %lu \n", retCode); 







    • Moved by Jesse Jiang Thursday, August 5, 2010 3:21 AM (From:Visual C++ General)
    Tuesday, August 3, 2010 4:05 PM





    I would suggest you to post this question in Networking forum, that you will get  a satisfactory answer.


    Have a nice day!


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Thursday, August 5, 2010 3:21 AM