3

I have made a small console app in .NET Core for making REST/Http requests using .pfx/.p12 certificates during the validation process. The app works just fine when I provide it with a correct certificate with a correct password. But it crashes whenever I

  • load an invalid certificate
  • mistype the password associated to the certificate
  • if I tell the application not to load a certificate even though a certificate is needed.

More specifically I get the following exceptions:

System.Net.Http.HttpRequestException: 'The SSL connection could not be established, see inner exception.'

AuthenticationException: Authentication failed, see inner exception.

Win32Exception: The message received was unexpected or badly formatted

I would much rather get the HTTP response corresponding to an invalid invocation, which seems to be what I get when I use SOAPUI.

I use the following method for making a HttpClientHandler:

private static HttpClientHandler GetClientHandler(string certificate, string password)
{
    
    X509Certificate2 certPfx;

    try {
        certPfx = new X509Certificate2(certificate, password);
    }
    catch(CryptographicException e) {
        Console.WriteLine($ "Error occured while trying to load certificate: {e.Message}");
        return null;
    }

    var clientHandler = new HttpClientHandler();
    clientHandler.SslProtocols = SslProtocols.Tls12;
    clientHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
    clientHandler.ClientCertificates.Add(certPfx);
    clientHandler.ServerCertificateCustomValidationCallback += (HttpRequestMessage req, X509Certificate2 cert2, X509Chain chain, SslPolicyErrors err) = >true;
    return clientHandler;
}

And I use the following code for making the POST request:

using(var client = handler != null ? new HttpClient(handler, true) : new HttpClient())
{
    
    AddHeaders(client, headers);

    var httpContent = new StringContent(request.ToString(), Encoding.UTF8, "application/xml");

    Console.WriteLine("Response from service:");
    Console.WriteLine("----------------------");
    var response = await client.PostAsync(endpoint, httpContent);

    var responseString = await response.Content.ReadAsStringAsync();

    Console.WriteLine(responseString);
    Console.WriteLine("----------------------");
    Console.WriteLine("----------------------");
}
Improve this question
5
  • 3
    If you encounter a certificate error then the request never made it far enough to invoke a response from the service. I'm guessing that the SOAPUI handler is wrapping the error and "faking" the response. Commented Apr 10, 2019 at 9:18
  • Maybe ignore the error and pretend it's valid? stackoverflow.com/questions/109186/… Commented Apr 10, 2019 at 9:51
  • @Davesoft No, that's not a good idea... Commented Apr 10, 2019 at 11:40
  • I highly doubt that SoapUI generates the response itself since the response includes xml tag names that are specific to the service. Commented Apr 10, 2019 at 12:02
  • Is there really no standard way of doing this? Commented Apr 10, 2019 at 20:25
Related questions
165
bypass invalid SSL certificate in .net core
99
Add client certificate to .NET Core HttpClient
25
HTTPS request fails using HttpClient
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.