Client certificate not getting added to the request (Certificate Verify)
While researching how to capture socket data to Wireshark, from my locally hosted page, I accidentally stumbled upon an article saying that "Certificate Verify" isn't sent over TLS 1.2 in "newer versions of Windows" (like Windows 10).
So I changed the protocol to TLS 1.0 and the request went through:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
With TLS 1.1 I get an exception, unlike what the guy in that article said:
(WebException) The request was aborted: Could not create SSL/TLS secure channel.
Why this worked isn't something I have time to investigate currently, as I'm already way behind schedule debugging this issue, but it sounds to me like a bug, much like another user claimed in another question.
I found a Microsoft article along these lines saying:
This issue only occurs with servers that downgrade the TLS session in an ungraceful way (such as by sending a TCP reset when receiving a TLS protocol version that the server does not support)
But since I start in TLS 1.2, and the server clearly accepts TLS 1.2 (via Postman and Chrome), it must be a tiny part of the TLS 1.2 protocol that isn't implemented the same way or something. I still don't understand how the Postman native Windows app manages to use TLS 1.2 though.
It may be worth noting that Internet Explorer first attempts TLS 1.2, and then after 2 resets (like my client), it just downgrades to TLS 1.0 and gets through. To me this sounds very similar to the update to Internet Explorer talked about in the article:
I realize this is not a great answer (when it comes to details of "why"), but at least it gives a hint as to what one might try if coming across similar issues.
If anyone understands this issue, and perhaps even knows how I can support TLS 1.2, then I'd appreciate it very much.
Why is my certificate not being sent in the request?
Finally figured this one out. The other party needed to trust the root CA from our client certificate.
OpenSSL how to request client certificate, but don't verify it
You should read the manual. It states:
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
[...]
The return value of verify_callback controls the strategy of the further verification process. If verify_callback returns 0, the verification process is immediately stopped with "verification failed" state. [...] If verify_callback always returns 1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. [...]
Writing a function that always returns 1 and passing it as verify_callback should help you solve the problem.
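As an added example (not code from either answer, and written in Go's crypto/tls rather than OpenSSL's C API because Go exposes the same request-but-do-not-verify mode directly as tls.RequestClientCert and runs self-contained), the loopback handshake below shows what an always-return-1 verify callback buys and what it costs: the handshake succeeds with a client certificate from a root nobody trusts, the server ends up holding the presented certificate but no verified chain, and chaining it to a trusted root CA, the point of the second answer above, becomes the application's own job. Every function name and certificate here is constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed certificate (constructed material, not real PKI);
// errors are ignored because a failure would only surface as a failed handshake below.
func selfSigned(cn string) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// handshakeRequestOnly: the server asks for a client certificate but never fails the handshake
// over it (tls.RequestClientCert, Go's analogue of a verify_callback that always returns 1).
func handshakeRequestOnly(server, client tls.Certificate) (tls.ConnectionState, error) {
	cp, sp := net.Pipe() // in-memory, synchronous: hence no session tickets and no tls Close
	defer cp.Close()
	defer sp.Close()
	errc := make(chan error, 1)
	go func() { // client side; InsecureSkipVerify only because the server cert is throwaway
		errc <- tls.Client(cp, &tls.Config{Certificates: []tls.Certificate{client},
			InsecureSkipVerify: true}).Handshake()
	}()
	srv := tls.Server(sp, &tls.Config{Certificates: []tls.Certificate{server},
		ClientAuth: tls.RequestClientCert, SessionTicketsDisabled: true}) // request, never verify
	err := errors.Join(srv.Handshake(), <-errc) // VerifiedChains stays nil: nothing was checked
	return srv.ConnectionState(), err
}

// appTrusts is the check the application now owns: does the presented certificate chain to a
// root it trusts? That is the "other party must trust our root CA" point from the second answer.
func appTrusts(cs tls.ConnectionState, roots *x509.CertPool) bool {
	if len(cs.PeerCertificates) == 0 { // the client may have sent no certificate at all
		return false
	}
	_, err := cs.PeerCertificates[0].Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}
```

With an OpenSSL client the equivalent post-handshake step is to read the peer certificate and SSL_get_verify_result yourself, since the callback has told the library to ignore them.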