开发者

HttpWebRequest.GetRequestStream() breaks by timeout on SSL connection under Windows 7/Vista

I have an C# windows application (.Net 3.0 Framework) that makes a call to PHP web service using HttpWebRequest.

In Win 7 & Vista, if the call is made via non-SSL (i.e. http://), the code works fine. When the call is changed to call the SSL(https:) version of the link, it times out at the HttpWebRequest.GetRequestStream(). This happens every time.

When this same application is run on a Windows XP machine it works fine with either the HTTP or the HTTPS url being used.

The code does have the accept all server certificates code in it. Also, I have added System.Net logging. It writes out the log but because the packets are encrypted you really don't see much except for the Timeout abort statement.

I've also tried Fiddler but again with the encrypted packets, I don't see much. BTW, when I try to use Fiddler2 to decrypt the app hangs so that has not been successful.

Anyway, any help would be appreciated. Thanks.

I will add:

  • I can telnet into the port
  • I have tried running the app as Administrator
  • I have tried the Win XP compatibility mode (trying anythi开发者_StackOverflow社区ng)
  • I have singled the connect code out into a simple stand-alone app


This error cropped up in a working C# application after migrating the website being accessed to a new server, and that indicated a server-side problem. Indeed, we finally resolved this issue by setting the "ServerName" value in the Apache configuration file to match the domain name registered in the certificate. (Another forum mentioned that setting "ServerAlias" would also work.)

More specifically, the httpd.conf file for the SSL site had the following in the VirtualHost section:

ServerName www.secure.mydomain.com

The certificate was registered to secure.mydomain.com, and the URL we were accessing was also https://secure.mydomain.com/test.html.

So simply changing the conf file to the following and restarting Apache did the trick:

ServerName secure.mydomain.com

The following would have also worked, most likely:

ServerName www.secure.mydomain.com
ServerAlias secure.mydomain.com

Here's some additional background information, for future reference:

The two errors we saw in the System.Net.trace.log were:

System.Net.Sockets Error: 0 : [4316] Exception in the 
    Socket#18796293::Receive - A blocking operation was 
    interrupted by a call to WSACancelBlockingCall
System.Net Error: 0 : [4316] Exception in the 
    HttpWebRequest#35191196:: - The operation has timed out

Here are all the things we tried which did not resolve the issue:

  • installing intermediate certificates from the SSL certificate issuer into Apache (this is required)
  • changing user agent in web request (no effect)
  • changing server-side and client-side time-outs and memory limits (no effect)
  • testing with a static page (no effect)
  • testing with other https sites (they worked fine)
  • adding the cert to the trusted certificates store (no effect)
  • purchase and install a certificate from a different certificate issuer (no effect)
  • compare virtual host .conf files from a known working server to the problem server (this led us to resolve the issue)

The https URL could be opened in Opera, IE8, and Firefox without any problems. WGET for Windows complained about an invalid certificate, but then again, WGET is an old application and does not appear to trust as many certificates.

The C# client application worked under Windows XP, but not in Windows 7 or Windows Vista. It appears that Windows 7 and Vista are more aggressive about validating the certificate. They do not provide an informative error message when it fails, and instead simply time out during the SSL handshake.


Maybe the SSL certificate refers to a CRL which takes too long to fetch?

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜