In trying to call a REST method on a server app running on our local network from my app running on a handheld device, it fails with "Could not establish secure channel for SSL/TLS ...System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host" .
In more recent / full-featured versions of .NET, you can add this code to the client:
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
...as shown here to accept the server's response. This is not available for me in my Windows CE / Compact Framework app, though - although ServicePointManager is a "known quantity," ServerCertificateValidationCallback is not. This is part of the Windows.NET assembly, apparently, which is not available to me in this project.
So, assuming there is still a way to accomplish the same thing (accept the ssl-ified server's response), how can this be done in this scenario?
One proposed workaround was to add a class to my client like this:
namespace HHS
{
using System.Net;
using System.Security.Cryptography.X509Certificates;
class TrustAllCertificatesPolicy : ICertificatePolicy
{
public TrustAllCertificatesPolicy()
{
}
public bool CheckValidationResult(ServicePoint sp, X509Certificate cert, WebRequest req,
int problem)
{
return true;
}
}
}
...and then call this on app startup (such as in the main form's Load() event):
private void frmMain_Load(object sender, EventArgs e)
{
System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatesPolicy();
}
...but I still get this exception in my log file:
Message: From FileXferREST.SendHTTPRequestNoCredentials(): Could not establish secure channel for SSL/TLS; Inner Ex: System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.ReceiveNoCheck(Byte[] buffer, Int32 index, Int32 request, SocketFlags socketFlags)
at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.Net.Connection.System.Net.ISslDataTransport.Receive(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.SslConnectionState.ClientSideHandshake()
at System.Net.SslConnectionState.PerformClientHandShake()
at System.Net.Connection.connect(Object ignored)
at System.Threading.ThreadPool.WorkItem.doWork(Object o)
at System.Threading.Timer.ring()
; Stack Trace: at System.Net.HttpWebRequest.finishGetRequestStream()
at System.Net.HttpWebRequest.GetRequestStream()
at HHS.FileXferREST.SendHTTPRequestNoCredentials(String uri, HttpMethods method, String data, String contentType)
. . .
BTW, TrustAllCertificatesPolicy's (empty) constructor is probably moot, as it is grayed out.
What is it, exactly, that the server is expecting from the client? Why is the server forcibly closing the connection?
UPDATE
On trying to determine if it's a problem in my client code or server code, I tried to hit the URL via Postman, but get this:
So, I followed the "importing SSL certificates in Chrome" link to see if that might help.
That [http://blog.getpostman.com/index.php/2014/01/28/using-self-signed-certificates-with-postman/] tells me:
Turns out that there is a better solution to solve this a problem, and it also avoids adding an exception to Chrome every time you start the browser. This is how you do it:
1. Go to the root URL in your browser. For ex. https://localhost
2. Click on the lock icon on the top left in the URL bar.
. . .
However, on entering https://localhost in Chrome, I get "This webpage is not available"
Trying http://localhost instead ("http" instead of "https"), OTOH, I get an "IIS7" image, with "welcome" in a slew of (human) langauges.
The, as to step 2 ("Click on the lock icon on the top left in the URL bar."), I see no such thing there; this is what I see:
So am I doomed?