Do NOT cache SSL certificates on the client side – How to post XML asynchronously and read the response using HttpClient in C#

I had one hell of a day yesterday. The evening before, I’d renewed the certificate on a WCF service of ours, because the old one was about to expire. After renewing it, I tested the service to confirm that I could still access it, now that it uses the new certificate. I could reach it from my notebook and my home computer; I could post requests to it, and it responded appropriately. All was well, so I went offline and proceeded to play Torchlight II, which is what I do in my spare time these days.

But things didn’t go so well for our major client… the one who sends thousands of requests every day, which come from their portal via their clients. They got this error:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

I wasted many hours on this yesterday, and was totally stumped. I confirmed that the service was accessible from many different computers, even their development machines, but not from their server. I’m not going to tell you what they did wrong exactly, because I have no access to their server, but it seems that somehow they cached our certificate on their server. How? I have no fucking idea…

To put it into perspective, here’s some C# code to post XML to an imaginary service which is very much like ours. It’s just a quick hack that I threw together in 5 minutes, and it has no error handling because this is just an example, but it works. Note that to use SSL, all it needs to do is specify https in the Uri. It shouldn’t be doing anything with the certificate.

What I did here was:

  1. In .NET Framework version 4.5+, start a new Windows Forms application.
  2. Add a reference to the System.Net.Http assembly.
  3. Drop a button on the form, and name it btnTest.
  4. Add to the using directives of the form’s code-behind: using System.Net.Http;
  5. Double-click the button and add the code below.
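        // Besides System.Net.Http, this needs "using System.Net;" for HttpStatusCode
        // and "using System.Text;" for Encoding.
        private async void btnTest_Click(object sender, EventArgs e)
        {
            string xmlContent = "Let's pretend this is valid XML, OK?";

            using (var client = new HttpClient())
            {
                // Send the body as UTF-8 with an XML content type.
                var httpContent = new StringContent(xmlContent, Encoding.UTF8, "application/xml");

                // The https scheme is all that is needed for TLS. The certificate is
                // validated against the machine's trust store on every connection.
                var testUri = new Uri("https://www.YourServerName.com/AService.svc/DemoAction");
                var httpResponseMessage = await client.PostAsync(testUri, httpContent);

                // Only read and show the body when the service answered 200 OK.
                if (httpResponseMessage.StatusCode == HttpStatusCode.OK)
                {
                    var messageContents = await httpResponseMessage.Content.ReadAsStringAsync();
                    MessageBox.Show(messageContents);
                }
            }
        }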
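
When one machine reports "Could not establish trust relationship" while others connect fine, the useful data is what that machine sees during the handshake. The console program below is an added example, not code from the original post: it prints the certificate the server presents and the validation errors found on the machine it runs on, without bypassing validation. The names TlsProbe, Probe and Report are hypothetical, the host is the post's placeholder, and TLS 1.2 on port 443 is an assumption.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (hypothetical names): reports what THIS machine sees in the TLS handshake.
static class TlsProbe
{
    static void Main(string[] args)
    {
        // Placeholder host from the post; pass the real host name as the first argument.
        string host = args.Length > 0 ? args[0] : "www.YourServerName.com";
        Console.WriteLine(Probe(host, 443) ? "Result: trusted" : "Result: NOT trusted on this machine");
    }

    static bool Probe(string host, int port)
    {
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false, Report))
        {
            try
            {
                // Assumption: the service accepts TLS 1.2 (older frameworks default lower).
                ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, false);
                return true;
            }
            catch (AuthenticationException ex)
            {
                Console.WriteLine("Handshake failed: " + ex.Message);
                return false;
            }
        }
    }

    // Logs the presented certificate and each chain problem, then accepts only
    // when the platform reported no errors. It never overrides validation.
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (cert != null)
        {
            var c = new X509Certificate2(cert);
            Console.WriteLine("Subject: " + c.Subject + "\nIssuer: " + c.Issuer);
            Console.WriteLine("Thumbprint: " + c.Thumbprint + "\nExpires: " + c.NotAfter.ToString("u"));
        }
        Console.WriteLine("Policy errors: " + errors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain: " + s.Status + " " + (s.StatusInformation ?? "").Trim());
        return errors == SslPolicyErrors.None;
    }
}
```

Run it on the failing server and on a working machine and compare the output: the thumbprint and expiry show which certificate each machine receives, and the policy and chain errors name the validation step that failed.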
About Jerome

I am a senior C# developer in Johannesburg, South Africa. I am also a recovering addict, who spent nearly eight years using methamphetamine. I write on my recovery blog about my lessons learned and sometimes give advice to others who have made similar mistakes, often from my viewpoint as an atheist, and I also write some C# programming articles on my programming blog.