I tried downloading the github file release from vb with this code
Short code
Dim DataDownload As String = "https://github.com/ianpwk/FindMyWaifu/releases/download/0.0.0.20/FindMyWaifuPortable.zip"
Full Code in Pastebin
Showing error "The request was aborted: Could not create SSL / TLS secure channel."
Related
Background: Console app built in .Net 4.6.2
Dll: Restsharp 106.15.0.0
Mono: Mono JIT compiler version 6.12.0.122
API Endpoint: http server (not https)
At first I thought I was going mad as all was working okay on windows but when I run my console app on Debian (v9), it will constantly fail with the error: unable to read data from the transport connection. I've narrowed it down to restsharp and not a api/server issue.
When I run a debugger in parallel (HTTP Debugger) I can see the request go out from my console app on Debian and I can also see the endpoint return a result with content! This content does not come into restsharp and so restsharp gives me a content-length of 0 and an error message of:
unable to read data from the transport connection: An existing connection was forcibly closed by the remote host
Any ideas please?
Code to trigger restsharp:
Dim myUri As New Uri(url)
Dim client = New RestSharp.RestClient(myUri)
Dim request = New RestRequest With {.Method = Method.GET}
request.AddHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9")
request.AddHeader("Connection", "keep-alive")
Dim response As RestResponse = client.Execute(request)
Dim strResponse as String = response.Content)
(I've also tried without sending the headers - makes no difference, same error message)
Thanks
I'm kinda at a loss here.
Trying to set up proton with SSL / TLS access, but after creating the certificates with the (modified) shell scripts
supplied by the AppDev-Pack and linking the keyring and everything in notes.ini, I always seem to get
the error "Handshake failed with fatal error SSL_ERROR_SSL: error: 100000f7:SSL routines:OPENSSL_internal:
WRONG_VERSION_NUMBER".
Tried both a windows and linux server, as well as using the accessing node.js app with and without
certificates - but with no success.
Also tried the troubleshoot section of https://doc.cwpcollaboration.com/appdevpack/docs/en/proton-admin.html and it connected just fine,
but won't if i connect with node.js.
Looks like the error is thrown before a certificate is even checked?
In this example the error is thrown after trying to get a document by UNID.
notes.ini (proton parts)
gRPC Client Error
If someone has an idea how to fix that issue or where to start - that would really help me.
Thanks in advance.
It appears that the client side does not have the secure flag set. At least I get a similar stack when I try to connect without TLS when the server expects TLS.
See the secure attribute when calling useServer() function, and you'll also need to provide the credentials attributes.
What we are trying to do is send an email from a pod (running Linux based on the image "microsoft/dotnet") on a client's Openshift environment using MailKit:
https://github.com/jstedfast/MailKit
We get an exception thrown when trying to set up the SSL Handshake:
MailKit.Security.SslHandshakeException: An error occurred while
attempting to establish an SSL or TLS connection.
System.Security.Cryptography.CryptographicException: Error occurred
during a cryptographic operation
We have tried using the.NET SMTP client as well and it worked (using a secure connection)! Unfortunately this component is now obsolete and Microsoft recommends to use MailKit.
Going through the .NET source code the exception raised is a generic catch all exception which looks like it comes from unexpected code returned from the OpenSSL library. Unfortunately I can't see how to get the error code (it is logged using "Debug.Fail", but I am unable to setup a trace to see it) so I am not sure what it is.
I have written a test just to build the X509Chain. When we have the Revocation Mode set to Online (the default) we get the exception. When the revocation is disabled it seems to build the chain OK.
When I run the test on our Test Openshift environment that is totally independent to the client's we get the following error, but do not see the exception: "unable to get certificate CRL"
The only thing I have noticed about the Revocation List is that there is a LDAP and HTTP URLs. Perhaps there is an issue processing the LDAP URL?
Any help on this would be appreciated!
This is something you should report to github.com/microsoft/dotnet
I am trying to hit the third party webservice using SOAP UI and getting below exception:
ERROR:Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
I dont have cacert or keystore from the third party webservice but I have signature.By using signature I'm able to hit the third party webservice through my application.
How to configure this signature in SOAP UI?
Adding below parameter to C:\Program Files\SmartBear\SoapUI-5.2.1\bin\SoapUI-5.2.1.vmoptions worked for me.
-Dsoapui.https.protocols=TLSv1.2,SSLv3
Check this link
Quick fix: Upgrade to SoapUI version 5.4.0. This will fix the SSL handshake issue.
After i put below line in file SoapUI-5.2.1.vmoptions. It worked fine for me.
File Path : SoapUI-5.2.1\bin\SoapUI-5.2.1.vmoptions
Add below Line:
-Dsoapui.https.protocols=TLSv1.2,SSLv3
I had 5.5 SOAP UI and calling an gateway API hosted in https URL.
I tried all the java versions , TLS protocol nothing worked for me.
I downloaded the certificate (for me it was truststore.jks) which I was using to connect to API , use certificate password ( used to see all the certificates in your ) and check the Check box as shown in image. I am able to make a https connection.
This is an old thread but my solution might help someone.
In SoapUI version 5.3.0 I solved this problem by removing line:
if exist "%SOAPUI_HOME%..\jre\bin" goto SET_BUNDLED_JAVA
from the soapui.bat and then using soapui.bat for program execution. It seems that Java embedded with SoapUI is a different version than mine which is JRE 1.8.0_131.
For me, only ssl changes did not work.
Check your
java version
it may differ from SOAP-UI jre
at his case got to smartbear\SoapUI-5.2.1\bin directory open soapui.bat
update with compatible java version like:
REM set JAVA=%SOAPUI_HOME%..\jre\bin\java
set JAVA=D:\Program Files\java\jdk1.8.0_162\bin\java
close the first line with rem and update java dir.
run soapui.bat
The problem it's the compatibility between your Java installed on your computer and the Java who is used by soap (for me it's SOAPUI-5.5.0)
SOAP UI was not supporting very well the last version installed of Java.
Modify the file soapui.bat in (usualy installed here)
C:\Program Files (x86)\SmartBear\SoapUI-5.4.0\bin\soapui.bat
You can see there two lines :
if exist "%SOAPUI_HOME%..\jre\bin" goto SET_BUNDLED_JAVA
if exist "%JAVA_HOME%" goto SET_SYSTEM_JAVA
First line SoapUi is setting the jre directory to the one in is own folder
Second line SoapUi is saying than if you have java installed, use this one instead.
So you just have to comment the second line like that :
if exist "%SOAPUI_HOME%..\jre\bin" goto SET_BUNDLED_JAVA
rem if exist "%JAVA_HOME%" goto SET_SYSTEM_JAVA
And for me it's works where whith all other kind of action (permitting TLS1.1 etc) dont.
I have come across what I think is a bug preventing me from loading an X509Certificate2 on Ubuntu or the Debian-based docker image provided by Microsoft. This means that I can't initialise JwtAuthentication in my web API on these platforms, and I'm looking for help:
Are you successfully using JwtAuthentication on Linux?
If so, how are you initialising an X509Certificate for the JwtBearerOptions?
Can you see a problem with what I'm doing, or suggest a work-around or solution?
I have logged the issue with the corefx team and you can see the full discussion here, but below is the main description of the problem:
I have a Web API running in a docker container. The container is built from the provided 1.1.0 package:
FROM microsoft/aspnetcore:1.1.0
and the Web API binaries are copied in. The API runs fine and returns data as expected until I turn on authentication, at which point it needs an X509SecurityKey to set the TokenValidationParameters.IssuerSigningKey value. It throws an exception when it attempts to initialise an X509Certificate2 from a string value:
string certValue = certificate.Value;
byte[] byteCert = Encoding.ASCII.GetBytes(certValue);
return new X509Certificate2(byteCert);
throws an OpenSslCryptographicException:
Unhandled Exception: System.Exception: Failed to extract the Token Signing certificate from the Federation metadata. --->
Interop+Crypto+OpenSslCryptographicException: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
at Internal.Cryptography.Pal.CertificatePal.FromBlob(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] data)
at Mercury.Shared.Rest.Authentication.AdfsFederationMetadata.GetSigningCertificate()
The string value from which the X509Certificate2 is being initialised is:
MIIC4jCCAcqgAwIBAgIQHWt3kGySgJxPtsalC0EoKzANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJBREZTIFNpZ25pbmcgLSBzdHMuYWxsYW5ncmF5LmNvLnphMB4XDTE2MDkwNzA5MDQyM1oXDTE3MDkwNzA5MDQyM1owLTErMCkGA1UEAxMiQURGUyBTaWduaW5nIC0gc3RzLmFsbGFuZ3JheS5jby56YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdq9BEuBRPsTdpngeFyXbfH5lBg5WyENQW0qz2FtDw3AvZhiPdFyvTPZIeZDc4vhg+gPuG8pCxhFa6hPqNIwnLSVuyhUi4/CtZrLghF2wVVcyriijvirzdVp2m56nO31NB5HXbSerTmey1gJsgumr+MiaM2CEI9z5ctwAp66jqM9jVv7kzqIwB33irSck+X97jUa9XVa0/0QPBdrSVUR0i4rmfZ9orRdTKC3IA13bD9duk2Kc9V7t8t/woo80Kbbb3ZseYk5N8AI+7RRw9+oSAm8zZQzBYkNkAMeI1mto1faXsm9Aea4HXbyCbvVOx/JGj5Ki7YK/BtzWAyCgRu0TkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAd9rdJ1V9te8njMHiEuvr1DLVUBt2YdpZ8qGFC2rWDKeEW8iARrMfbtrlQovvE1radxoZ2gWR1AaaoEqzmLvF9fEAZ7xjR2P2UlT+ZgntfMn/c+3j7gWnfGNHIjosaYiyF72q4k6bgOx1TV8X08kD2AMBH27utXeeUQTZTd0bUWaWpr76NrDB95k4P6d0t5bkYsguiQjV+2t5/dSvrbTPVbXQmWGyC53IS2OI37AI2bIaeCCDkRHDoxu+L/DtgH8N60k2CLfa+pf0/cxQCR39p4Z+tquVKfYgJIsdZLD6bbrqK9VdpSR2vyUcDLMTGnO0tuDuzBd/xdhJ0GKbnBv3+g==
The same code runs with no problem on Windows, building a certificate from the same string.
Edit: Note that while I initially encountered this problem running a docker image, subsequent testing has shown that it also occurs using Ubuntu 14.04 + .NET Core 1.1
The problem here is that what is being passed to the constructor are the bytes of the base64 representation of the key, and not the bytes of the key itself.
If this code works on Windows then maybe it's a good idea to create an issue in the .net core github referencing this problem.
Thanks for the answer. For those who would like to copy and paste:
var certificateWithoutHeaderAndFooter = certificateString
.Replace("\\n","")
.Replace("-----BEGIN CERTIFICATE-----", "")
.Replace("-----END CERTIFICATE-----", "");
var certificateBytes = Convert.FromBase64String(certificateWithoutHeaderAndFooter);
var certificate = new X509Certificate2(certificateBase64Bytes);