Jason Viers
2007-09-11 16:41:40 UTC
I'm using WinHttp to access a website that requires a client cert. The
initial receiveResponse fails with
ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED, as expected. After setting a
client cert with WinHttpSetOption, the next SendRequest fails with
ERROR_WINHTTP_SECURE_FAILURE.
Also, the registered callback for WINHTTP_CALLBACK_FLAG_SECURE_FAILURE
isn't called. I've verified it's registered properly by performing a
request for a different URL that produces a "hostname mismatch" SSL
error, and the callback is properly executed.
I turned on WinHttpTracing, and this is the excerpt of the log where the
initial receive fails, the certificate is added, and the new request fails:
12:22:09.081 ::*0000001* :: Winsock/RPC/SSL/Transport error: 0x2f0c [ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED]
12:22:09.081 ::*0000001* :: WinHttpReceiveResponse: error 12044 [ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED]
12:22:09.081 ::*0000001* :: WinHttpReceiveResponse() returning FALSE
12:22:09.081 ::*0000001* :: WinHttpSetOption(0xa10000, (47), 0x14b1c0 [0x1], 20)
12:22:09.081 ::*0000001* :: WinHttpSetOption() returning TRUE
12:22:09.081 ::*0000001* :: WinHttpSendRequest(0xa10000, "", 0, 0x0, 0, 0, 0)
12:22:09.081 ::*0000001* :: Winsock/RPC/SSL/Transport error: 0x8009030e [SEC_E_NO_CREDENTIALS]
12:22:09.081 ::*0000001* :: WinHttpSendRequest: error 12175 [ERROR_WINHTTP_SECURE_FAILURE]
12:22:09.081 ::*0000001* :: WinHttpSendRequest() returning FALSE
Googling SEC_E_NO_CREDENTIALS shows some people with a similar problem
and no answers. It seems to be "No credentials are available in the
security package", which doesn't make much sense to me.
The certificate I'm assigning shows all the right properties with
CertGetNameString, and the certificate can be loaded into IE and access
the website in question with no problem. There doesn't appear to be any
problem with the server cert either.
So 2 questions:
1. Why was the secure failure callback not invoked?
2. What can I do to find out more about this error?
Thanks
Jason