| Author | Forum: PowerTCP Sockets for .NET (Secure and Standard) Topic: Connection terminated during SSL handshake |
| nowickim From: Austin, TX USA Posts: 16 Member Since: 02/13/04 |
posted February 24, 2004 6:56 PM I have successfully used the TCPClient sample to connect to the EchoServer sample (with and without SSL turned on). When I do this, I select the PowerTCP test certificate and all goes well. Unfortunately, I cannot get the same TCPClient sample to connect to my program (which is running as a Windows service). My service automatically chooses the PowerTCP test certificate. Whenever the client tries to connect securely, I get a "Connection terminated during SSL handshake". If I turn OFF security on the client and server ends, it works flawlessly. My code to start listening on the server is:

    Imports System.Net.Sockets
    Imports Dart.PowerTCP.SslSockets

    ' socketServerSSL, intInternetPortNumberSSL and LogServerException are
    ' defined elsewhere in the service (not shown in the post).
    Sub InitializeServerSocketSSL()
        Dim CertificateStoreSSL As Dart.PowerTCP.SslSockets.CertificateStore
        Try
            ' Set up the certification authority information for the SSL socket server
            socketServerSSL = New Dart.PowerTCP.SslSockets.Server()
            CertificateStoreSSL = New Dart.PowerTCP.SslSockets.CertificateStore(CertificateStoreLocation.LocalMachine, CertificateStoreName.My)
            ' Create a new TCP protocol socket for the server and start listening to the specified port
            socketServerSSL.Certificate = CertificateStoreSSL(0)
            socketServerSSL.SecureProtocol = SecureProtocol.Auto
            socketServerSSL.AuthenticateClient = True
            socketServerSSL.Listen(intInternetPortNumberSSL)
        Catch socket_ex As SocketException
            ' 10004 is WSAEINTR (blocking call interrupted); it is not logged
            If socket_ex.ErrorCode <> 10004 Then
                LogServerException(socket_ex)
            End If
        Catch ex As Exception
            LogServerException(ex)
        End Try
    End Sub

The "socketServerSSL_Connection" event never fires on the server and I have no errors on startup. The service runs as LocalSystem. What am I doing wrong? |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted February 24, 2004 7:04 PM What happens if you set AuthenticateClient to false? |
| nowickim From: Austin, TX USA Posts: 16 Member Since: 02/13/04 |
posted February 25, 2004 11:53 AM
If I set AuthenticateClient to FALSE and then set "Security" to "None" in TCPClient, it connects successfully.
If I set AuthenticateClient to FALSE and then set "Security" to "Auto" in TCPClient, it fails with the same error.
If I leave AuthenticateClient as TRUE and then set "Security" to "None" in TCPClient, it connects successfully.
If I leave AuthenticateClient as TRUE and then set "Security" to "Auto" in TCPClient, it fails with the same error. |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted February 25, 2004 12:20 PM What happens if you run the service as you, instead of the System account? |
| nowickim From: Austin, TX USA Posts: 16 Member Since: 02/13/04 |
posted February 25, 2004 12:27 PM If I run the service as my account, it works! In the client program, it asks me to specify a client certificate and then it allows me to connect. Unfortunately, my service also uses Microsoft Message Queueing Service, which requires that I use the system account for the service. How can I remedy this problem? |
| nowickim From: Austin, TX USA Posts: 16 Member Since: 02/13/04 |
posted February 25, 2004 1:04 PM By the way, I've gone into certificate management (using MMC) and copied the PowerTCP test certificate to both the Local Machine (personal) AND the Service's (personal) store. |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted February 25, 2004 2:00 PM We just tried it here and it worked fine when the Cert was in LocalMachine. Maybe there's some kind of special policy on your machine that doesn't allow it. Try some other machines and see what happens. |
| nowickim From: Austin, TX USA Posts: 16 Member Since: 02/13/04 |
posted February 25, 2004 3:07 PM OK, so do I need to change the line where I instantiate the CertificateStoreSSL??? For example, something like this:

    CertificateStoreSSL = New Dart.PowerTCP.SslSockets.CertificateStore(CertificateStoreLocation.Services, CertificateStoreName.My)

Or do I leave it as:

    CertificateStoreSSL = New Dart.PowerTCP.SslSockets.CertificateStore(CertificateStoreLocation.LocalMachine, CertificateStoreName.My)

Also, could I have something set up wrong in my certificate management screen? I'm using the trial version of the component with the PowerTCP test Cert. I'm going to e-mail you a screenshot of my certificate configuration (to support@dart.com) now. THANKS |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted February 25, 2004 3:20 PM We had the cert in LocalMachine\My as in your first picture. I am not familiar with whatever SmartEyeNetServices is so I would not put it there. On the service installer we had it set to use LocalSystem, not LocalService. Maybe you are using LocalService? If so try LocalSystem and see what happens. |
| nowickim From: Austin, TX USA Posts: 16 Member Since: 02/13/04 |
posted February 25, 2004 3:28 PM I double-checked and it is using LocalSystem. I also added some debugging information into my program and had it print socketServerSSL.Certificate.IssuedTo into the event log. This worked perfectly (with the service running under the LocalSystem account). So the server IS getting the correct certificate. What else could I try?? |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted February 25, 2004 3:45 PM It almost sounds like when it's running as a service, it's not really running as secure. You would get the handshake error if you connected to a non-secure server with a secure client and then sent a few characters. Try this: start the service when you think it is secure, then connect to it with a non-secure client and see if it behaves correctly. |
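
The check suggested in the reply above (find out whether the listener that is supposed to be secure actually answers in TLS) can also be made with a small probe instead of the sample client. This is an added example, not code from the thread or from Dart; the ClientHello bytes are constructed for the example and the host and port in the usage lines are hypothetical.

```python
import socket

# Constructed for this example: minimal TLS 1.0 ClientHello with one cipher
# suite (0x002F), null compression and no extensions.
HELLO_BODY = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
HANDSHAKE = b"\x01" + len(HELLO_BODY).to_bytes(3, "big") + HELLO_BODY
CLIENT_HELLO = b"\x16\x03\x01" + len(HANDSHAKE).to_bytes(2, "big") + HANDSHAKE


def classify(reply: bytes) -> str:
    """Label the first bytes a listener sends back after the ClientHello."""
    if not reply:
        return "closed"          # peer closed without answering
    if len(reply) >= 6 and reply[:6] == CLIENT_HELLO[:6]:
        return "plaintext-echo"  # an echo server repeating our own bytes
    if len(reply) >= 6 and reply[0] == 0x16 and reply[1] == 0x03 and reply[5] == 0x02:
        return "tls"             # handshake record carrying a ServerHello
    if len(reply) >= 2 and reply[0] == 0x15 and reply[1] == 0x03:
        return "tls"             # TLS alert record: the listener speaks TLS
    return "plaintext"           # anything else is not TLS framing


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send the ClientHello and classify up to six bytes of the reply."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(CLIENT_HELLO)
            while len(buf) < 6:
                chunk = s.recv(6 - len(buf))
                if not chunk:
                    break
                buf += chunk
    except socket.timeout:
        return classify(buf) if buf else "silent"
    except OSError:
        return classify(buf) if buf else "unreachable"
    return classify(buf)


if __name__ == "__main__":
    # Hypothetical host and port: use the port the service listens on.
    print(probe("127.0.0.1", 8888))
```

A result of "tls" means the listener answered with a TLS record; "plaintext", "plaintext-echo" or "silent" means it is not behaving as a secure listener, and "closed" means it accepted the TCP connection and dropped it without sending any TLS record.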
| nowickim From: Austin, TX USA Posts: 16 Member Since: 02/13/04 |
posted February 25, 2004 4:01 PM OK, when I use the TCPClient sample program and set Security to "None", and then place a breakpoint on the tcp1_ConnectionChanged event, the event fires with tcp1.Connected=true. When I resume the program, the event fires again with tcp1.Connected=false. It never displays the handshake error, but it also does not successfully connect. When I use the TCPClient sample program and set Security to "Auto", with the same breakpoints, the tcp1_ConnectionChange event fires only once, with tcp1.Connected=false and then the handshake error. In neither instance does the tcp1_CertificateRequested event ever fire. |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted February 25, 2004 4:18 PM I'm going to send you some different DLLs in case there is something different between the shipping ones and the ones I have. Please review what I am assuming so far. Please correct me if I am wrong on any issues:
1) The service app is identical to the non-service app (except for the service code)
2) You got the PowerTCP test certificate into LocalMachine by first installing to the default store, then exporting it and importing it to LocalMachine
3) You are running both client AND server on the same machine |
| nowickim From: Austin, TX USA Posts: 16 Member Since: 02/13/04 |
posted February 25, 2004 4:31 PM
Yes on #2 (in fact I re-did the entire process just to make sure)
Yes on #3
No on #1 --- My application has not worked as a non-service app in some time. To recreate it as such would be nearly impossible. The way I was able to get it working previously was to set the service to log in under my account (as opposed to running under the System account). |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted February 25, 2004 4:36 PM OK. Try the new DLL when you get it. If that doesn't work, then start over by creating a very simple server / service and see if it gives the same error. If it does, zip up the simple project and email it to us and we will try it here. |