Error codes for certificate issues?

0 votes
asked Aug 14 by Rebex KB (8,240 points)

(This question was converted from a comment by RajaK)

Very good evening.
I am using Rebex http.dll for a Webservices connection with my remote server through https.
I got one requirement to fall back to http mode if we are facing the below exceptions.

i. Whenever the trust between the client and server cannot be established via https
ii. When the client certificate is expired
iii. When the client certificate cannot be found
iv. When the client certificate does not have the private key
v. When the client cert fails any basic checks

- Is there any error code for the above scenarios that I can capture in the application layer to try to reconnect in http mode?

1 Answer

0 votes
answered Aug 14 by Lukas Pokorny (95,330 points)

Hello,

i) When the trust between the client and server cannot be established via TLS (HTTPS is HTTP over TLS), a TlsException is thrown and will appear in the exception chain caught by your application. To find the TlsException, pass the caught exception to a routine such as this one:

    private TlsException GetTlsException(Exception error)
    {
        while (error != null)
        {
            var tlsError = error as TlsException;
            if (tlsError != null)
            {
                return tlsError;
            }

            error = error.InnerException;
        }

        return null;
    }

However, we have to point out that it is strongly discouraged to fall back to HTTP mode when HTTP over TLS does not work. Doing so would make it trivial for an attacker to force your connections into unencrypted mode simply by disrupting the TLS traffic.

ii), iii), v) Once you find the TlsException using the approach described above, inspect its ProtocolMessage property. It will contain one of the following values:
CloseNotify
UnexpectedMessage
BadRecordMac
DecryptionFailed
RecordOverflow
DecompressionFailure
HandshakeFailure
NoCertificate
BadCertificate
UnsupportedCertificate
CertificateRevoked
CertificateExpired
CertificateUnknown
IllegalParameter
UnknownCa
AccessDenied
DecodeError
DecryptError
ExportRestriction
ProtocolVersion
InsufficientSecurity
InternalError
UserCanceled
NoRenegotiation
UnknownError

These correspond to TLS error alerts and include certificate errors you are interested in.

iv) When the client certificate returned by a certificate request handler is not associated with a private key, a TlsException with ProtocolMessage of "InternalError" and a Message of "Certificate does not have a private key." will be thrown. It's recommended to prevent this from occurring by making sure that the certificate returned by a custom certificate request handler has a private key - use Certificate's HasPrivateKey method to make sure.
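
The triage described in the answer above, as an added example that is not part of the original answer or Rebex's own code: it walks the exception chain, groups the ProtocolMessage values into failure classes, and aborts on every one of them instead of retrying over plain HTTP. The `TlsException` class here is a stand-in so the sample compiles without the library, `TlsFailure` and `TlsTriage` are hypothetical names, and it assumes ProtocolMessage can be compared with the alert names as strings.

```csharp
using System;
using System.Collections.Generic;

// Stand-in for Rebex's TlsException so the sample compiles without the library.
// Assumption: ProtocolMessage holds one of the alert names listed in the answer.
class TlsException : Exception
{
    public string ProtocolMessage { get; }
    public TlsException(string message, string protocolMessage, Exception inner = null)
        : base(message, inner) { ProtocolMessage = protocolMessage; }
}

enum TlsFailure { NotTls, Certificate, MissingPrivateKey, OtherTls }

static class TlsTriage
{
    // Hypothetical grouping of the certificate-related alert names from the answer.
    static readonly HashSet<string> CertificateAlerts = new HashSet<string> {
        "NoCertificate", "BadCertificate", "UnsupportedCertificate", "CertificateRevoked",
        "CertificateExpired", "CertificateUnknown", "UnknownCa" };

    public static TlsFailure Classify(Exception error)
    {
        // Walk the InnerException chain the same way GetTlsException does.
        for (; error != null; error = error.InnerException)
        {
            var tls = error as TlsException;
            if (tls == null) continue;
            // Case iv): InternalError plus the message quoted in the answer.
            if (tls.ProtocolMessage == "InternalError" &&
                tls.Message.Contains("does not have a private key"))
                return TlsFailure.MissingPrivateKey;
            return CertificateAlerts.Contains(tls.ProtocolMessage)
                ? TlsFailure.Certificate : TlsFailure.OtherTls;
        }
        return TlsFailure.NotTls;
    }

    static void Main()
    {
        // Constructed sample errors, wrapped the way an application-level catch sees them.
        var samples = new Exception[] {
            new InvalidOperationException("request failed",
                new TlsException("Certificate expired.", "CertificateExpired")),
            new TlsException("Certificate does not have a private key.", "InternalError"),
            new TlsException("Connection was closed by the remote connection end.", "UnknownError"),
            new TimeoutException("no response") };
        foreach (var e in samples)
            // Every failure is reported and the request aborted; none retries over http://.
            Console.WriteLine($"{e.GetType().Name}: {Classify(e)} -> abort, fix cause, stay on HTTPS");
    }
}
```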

commented Aug 24 by RajaK (110 points)
Part2:
2018-08-24 10:40:24 DEBUG Ftp(1)[76811706] TLS: Error while sending data over TLS: System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.SendNoCheck(Byte[] buffer, Int32 index, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at tsvy.Send(Byte[] buffer, Int32 offset, Int32 count, SocketFlags socketFlags)
   at Rebex.Net.ProxySocket.Send(Byte[] buffer, Int32 offset, Int32 count, SocketFlags socketFlags)
   at ttac.nkjw()
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

2018-08-24 10:40:24 INFO Ftp(1)[76811706] TLS: Alert Alert:Alert was sent.
2018-08-24 10:40:24 INFO Ftp(1)[76811706] TLS: State StateChange:Closed
2018-08-24 10:40:24 ERROR Ftp(1)[76811706] Info: Rebex.Net.TlsException: Connection was closed by the remote connection end. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.SendNoCheck(Byte[] buffer, Int32 index, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at tsvy.Send(Byte[] buffer, Int32 offset, Int32 count, SocketFlags socketFlags)
   at Rebex.Net.ProxySocket.Send(Byte[] buffer, Int32 offset, Int32 count, SocketFlags socketFlags)
   at ttac.nkjw()
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

2018-08-24 10:40:24
commented Aug 24 by RajaK (110 points)
Part 3:
ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

 - please share the mail Id to send the log file
commented Aug 24 by Lukas Matyska (47,270 points)
You can send it to support@rebex.net - also, email is the preferred support communication channel. However, if you prefer forum.rebex.net you can continue using it. It is up to you.

I will wait for the log, and I will reply to your email.
commented Aug 24 by RajaK (110 points)
I have just forwarded the logs, Lukas.
commented Aug 24 by Lukas Matyska (47,270 points)
Thank you, I will reply in a minute.
...