0 votes
by (790 points)
edited by

We have devices running Windows Mobile (Windows Embedded Handheld) 6.5.3 and a .NET Compact Framework 3.5 application using the Rebex HTTPS Library Version R5.4 Legacy Edition.

We register the Library using the following code:

HttpRequestCreator creator = new HttpRequestCreator();
creator.Settings.AutoConnectToInternet = AutoConnectType.Enabled; 
creator.Settings.HttpSessionCacheEnabled = true; 
creator.Settings.HttpSessionCacheTimeout = httpSessionCacheTimeout; 
creator.Settings.SslAcceptAllCertificates = false; 
creator.Settings.SslAllowedCurves = TlsEllipticCurve.All; 
creator.Settings.SslAllowedSuites = TlsCipherSuite.Secure; 
creator.Settings.SslAllowedVersions = TlsVersion.TLS12; 
creator.Settings.SslAllowVulnerableSuites = false; 
creator.Settings.SslRenegotiationExtensionEnabled = true; 
creator.Settings.SslSessionCacheEnabled = true; 
creator.Settings.SetPreferredSuites( 
    TlsCipherSuite.ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
    TlsCipherSuite.ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    TlsCipherSuite.DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    TlsCipherSuite.ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TlsCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TlsCipherSuite.DHE_RSA_WITH_AES_128_GCM_SHA256
);
creator.Settings.SslPreferredHashAlgorithm = SignatureHashAlgorithm.SHA256; 
creator.Settings.SslServerCertificateValidationOptions |= Rebex.Security.Certificates.ValidationOptions.IgnoreTimeNotNested; 
creator.ValidatingCertificate += new EventHandler<SslCertificateValidationEventArgs>(creator_ValidatingCertificate);
creator.Register();
AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create);
AsymmetricKeyAlgorithm.Register(Curve25519.Create);

The creator_ValidatingCertificate code is:

static void creator_ValidatingCertificate(object sender, SslCertificateValidationEventArgs e) {
    String hostName = e.ServerName;
    ValidationOptions validationOptions = e.Options;

    ValidationResult res = e.CertificateChain.Validate(hostName, validationOptions);
    if (res.Valid) {
        // some logging
        e.Accept();
        return;
    } else {
        // some logging
        e.Reject(res.Status);
        return;
    }
}

Connecting to drive.google.com, we get a WebException with the status SecureChannelFailure.

In the Rebex HTTPS log we get the following CryptographicException:

2021-09-16 14:27:57 DEBUG HttpRequest(8)[-1987774026] TLS: Certificate verification failed: System.Security.Cryptography.CryptographicException: Primitive explicit node encountered.
at hmpsn.xetgg.wvhvk(gtcxn p0, Boolean p1, Int32 p2)
at hmpsn.bziny.Write(Byte[] buffer, Int32 offset, Int32 count)
at hmpsn.bziny.fksqk(hopnj p0, Byte[] p1, Int32 p2, Int32 p3)
at hmpsn.bziny.ulbsp(hopnj p0, Byte[] p1)
at Rebex.Security.Cryptography.Pkcs.CertificateRevocationList.xodis()
at hmpsn.qzybw.fakih(Certificate p0, Certificate p1, sdsyu p2)
at hmpsn.qzybw.zhrkt()
at hmpsn.qzybw.klukv()
at Rebex.Security.Certificates.EnhancedCertificateEngine.Validate(CertificateChain chain, CertificateValidationParameters parameters)
at Rebex.Security.Certificates.CertificateChain.mvpha(CertificateChainEngine p0, Certificate p1, CertificateStore p2, String p3, ValidationOptions p4)
at Rebex.Security.Certificates.CertificateChain.Validate(String serverName, ValidationOptions options, CertificateChainEngine engine)
at …
at hmpsn.gzdfa.Verify(TlsSocket socket, String commonName, CertificateChain certificateChain)
at hmpsn.kuehd.vjflp(String p0, String p1, CertificateChain p2)
at hmpsn.kuehd.jnqbb(Byte[] p0, Int32 p1, Int32 p2, bcopp p3)
at hmpsn.kuehd.hdwna(Byte[] p0, Int32 p1, Int32 p2)
at hmpsn.cylkt.kkwov(Byte[] p0, Int32 p1, Int32 p2)
at hmpsn.cylkt.cektv()
at hmpsn.cylkt.clbfg()
at Rebex.Net.TlsSocket.Negotiate()
at hmpsn.ertak.ntjsh(ISocket p0)
at hmpsn.hstcj.dwzuq(String p0, Int32 p1, Boolean p2)
at hmpsn.fdpyu.tkfsi()
at hmpsn.fdpyu.gfsqq(Boolean p0)
at hmpsn.fdpyu.vicsb()
at Rebex.Net.HttpRequest.wijuh()
at Rebex.Net.HttpRequest.frwjt()
at Rebex.Net.HttpRequest.hbdbd()
at Rebex.Net.HttpRequest.GetResponse()
at …
at System.Windows.Forms.Control.WnProc(WM wm, Int32 wParam, Int32 lParam)
at System.Windows.Forms.Control._InternalWnProc(WM wm, Int32 wParam, Int32 lParam)
at Microsoft.AGL.Forms.EVL.EnterMainLoop(IntPtr hwnMain)
at System.Windows.Forms.Application.Run(Form fm)
at Program.Main(String[] args)

Using the older Version 2019R3.5 on the same device, connecting to drive.google.com works flawlessly.

Can you guys help us?

Applies to: Rebex HTTPS

1 Answer

0 votes
by (72.7k points)

The error is caused by a check in the CRL parser. We are now investigating whether the CRL breaks the specification or not.

I have sent you a link (by mail) to a hotfix version, which disables the problematic check. Please give it a try.
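Added example (not Rebex code and not part of the answer above): a small DER walker for inspecting a downloaded CRL offline and listing context-specific nodes that use the primitive encoding. It assumes the exception text "Primitive explicit node encountered" refers to the X.690 rule that an explicitly tagged value uses the constructed form; the function names and sample bytes are constructed for illustration and are not the CRL from this thread.

```python
# Added example: report context-specific DER nodes encoded in primitive form.
# Implicitly tagged fields may legitimately be primitive, so every hit has to be
# compared with the schema (in a CRL, crlExtensions is [0] EXPLICIT).

def read_tlv(buf, pos, end):
    """Return (tag_byte, value_start, value_end) for the TLV at pos."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high tag numbers are not handled here")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value runs past end of enclosing node")
    return tag, pos, pos + length

def primitive_context_nodes(buf, start=0, end=None, path="root"):
    """Yield (path, tag_number, offset) for primitive context-specific nodes."""
    end = len(buf) if end is None else end
    pos, index = start, 0
    while pos < end:
        tag, vstart, vend = read_tlv(buf, pos, end)
        here = f"{path}/{index}"
        constructed = bool(tag & 0x20)
        if (tag & 0xC0) == 0x80 and not constructed:
            yield here, tag & 0x1F, pos
        if constructed:                    # descend only into constructed nodes
            yield from primitive_context_nodes(buf, vstart, vend, here)
        pos, index = vend, index + 1

# Constructed samples: SEQUENCE { INTEGER 1, [0] { SEQUENCE {} } }
GOOD = bytes.fromhex("30 07 02 01 01 a0 02 30 00")   # [0] constructed (0xA0)
BAD = bytes.fromhex("30 07 02 01 01 80 02 30 00")    # [0] primitive (0x80)

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, list(primitive_context_nodes(blob)))
```

To check a real CRL, pass the DER bytes of the file (decode PEM to DER first) to `primitive_context_nodes`.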
