Question:
Hi,
What does the following log mean? Does the error “Failed to read incoming handshake messages” mean a server response problem?
ChilkatLog:
SynchronousRequest:
DllDate: Jul 10 2013
ChilkatVersion: 9.4.1.26
UnlockPrefix: GAOSAMHttp
Username: THINKPAD-SAM:ThinkPad
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
domain: https://example.com.cn
port: 443
ssl: 1
RequestData:
HttpVersion: 1.1
Verb: POST
Path: /services
Charset: gb2312
SendCharset: 0
MimeHeader: Content-Type: text/xml
--RequestData
ReadTimeout: 20
ConnectTimeout: 10
httpConnect:
hostname: example.com.cn
port: 443
ssl: 1
Need to establish connection to the HTTP server...
ConnectTimeoutMs_1: 10000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
connectingTo: ws-gateway-cert-qs.vgc.com.cn
resolveHostname1:
Resolving domain name (IPV4) via gethostbyname
--resolveHostname1
GetHostByNameHB_ipv4: Elapsed time: 1046 millisec
myIP_1: 192.168.1.107
myPort_1: 51560
connect successful (1)
clientHelloMajorMinorVersion: 3.1
buildClientHello:
majorVersion: 3
minorVersion: 1
numRandomBytes: 32
sessionIdSize: 0
numCipherSuites: 10
numCompressionMethods: 1
--buildClientHello
readIncomingTls_serverHello:
processTlsRecord:
processHandshake:
handshakeMessageType: ServerHello
handshakeMessageLen: 0x46
processHandshakeMessage:
MessageType: ServerHello
Processing ServerHello...
ServerHello:
MajorVersion: 3
MinorVersion: 1
SessionIdLen: 32
CipherSuite: RSA_WITH_AES_256_CBC_SHA
CipherSuite: 00,35
CompressionMethod: 0
Queueing ServerHello message.
ServerHello is OK.
--ServerHello
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_serverHello
HandshakeQueue:
MessageType: ServerHello
--HandshakeQueue
Dequeued ServerHello message.
readIncomingTls_6:
processTlsRecord:
processHandshake:
handshakeMessageType: Certificate
handshakeMessageLen: 0x846
processHandshakeMessage:
MessageType: Certificate
ProcessCertificates:
Certificate:
derSize: 1024
certSubjectCN: example.com.cn
certSerial: 0E4A49
certIssuerCN: VW-CA-PROC-06
--Certificate
Certificate:
derSize: 1085
certSubjectCN: VW-CA-PROC-06
certSerial: 03A133
certIssuerCN: VW-CA-ROOT-04
--Certificate
NumCertificates: 2
Queueing Certificates message...
--ProcessCertificates
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_6
Dequeued Certificate message.
readIncomingTls_6:
processTlsRecord:
processHandshake:
handshakeMessageType: CertificateRequest
handshakeMessageLen: 0x11d
processHandshakeMessage:
MessageType: CertificateRequest
CertificateRequest:
NumCertificateTypes: 3
Certificate Type: RSA Sign
Certificate Type: DSS Sign
OtherCertificateType: 64
totalLen: 279
DistinguishedName: DC=com, DC=VWPKI, CN=VW-CA-ROOT-04
DistinguishedName: DC=com, DC=VWPKI, CN=VW-CA-PROC-06
DistinguishedName: DC=com, DC=VWPKI, CN=VW-CA-ROOT-05
NumDistinguishedNames: 3
CertificateRequest message is OK.
Queueing CertificateRequest message.
--CertificateRequest
--processHandshakeMessage
handshakeMessageType: ServerHelloDone
handshakeMessageLen: 0x0
processHandshakeMessage:
MessageType: ServerHelloDone
Queueing HelloDone message.
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_6
Dequeued CertificateRequest message.
DequeuedMessageType: ServerHelloDone
OK to ServerHelloDone!
Sending 0-length certificate (this is normal).
CertificatesMessage:
numCerts: 0
CertificateSize: 0x3
--CertificatesMessage
Encrypted pre-master secret with server certificate RSA public key is OK.
Sending ClientKeyExchange...
Sent ClientKeyExchange message.
Sending ChangeCipherSpec...
Sent ChangeCipherSpec message.
Derived keys.
Installed new outgoing security params.
Sending FINISHED message..
algorithm: aes
keyLength: 256
Sent FINISHED message..
readIncomingTls_changeCipherSpec2:
processTlsRecord:
processAlert:
TlsAlert:
level: fatal
descrip: handshake failure
--TlsAlert
Closing connection in response to fatal error.
--processAlert
--processTlsRecord
--readIncomingTls_changeCipherSpec2
Failed to read incoming handshake messages. (3)
Client handshake failed. (3)
Failed to connect.
--httpConnect
connectTime1: Elapsed time: 1201 millisec
totalTime: Elapsed time: 1201 millisec
Failed.
--SynchronousRequest
--ChilkatLog
LastHeader:
Sam
The server is requesting a client-side certificate for authentication. It can be seen from this part of the LastErrorText:
processTlsRecord:
processHandshake:
handshakeMessageType: CertificateRequest
handshakeMessageLen: 0x11d
Your application, however, did not provide one. In this case, Chilkat will send a 0-length Certificates message, which is the only choice. See this part of the LastErrorText:
Sending 0-length certificate (this is normal).
CertificatesMessage:
numCerts: 0
CertificateSize: 0x3
--CertificatesMessage
The solution is to provide an adequate client-side certificate via either the http.SetSslClientCert or http.SetSslClientCertPfx methods.
Here is my code. I do use "http.SetSslClientCert"; please let me know what's wrong in the code.
Thanks
http := TChilkatHttp.Create(Self);
// Any string unlocks the component for the 1st 30-days.
success := http.UnlockComponent('XXXXXX');
if (success <> 1) then
begin
  ShowMessage(http.LastErrorText);
  Exit;
end;

cert := TChilkatCert.Create(Self);
success := cert.LoadPfxFile(programpath+'TAMRCHQ.p12','4X019JT8');
if (success <> 1) then
begin
  Memo1.Lines.Add(cert.LastErrorText);
  Exit;
end;

// <==== here I set the client cert.
http.SetSslClientCert(cert.ControlInterface As CHILKATHTTPLib_TLB.IChilkatCert);

xml := TChilkatXml.Create(Self).ControlInterface;
success := xml.LoadXmlFile('test.xml');
if (success <> 1) then
begin
  ShowMessage(xml.LastErrorText);
  Exit;
end;

req := TChilkatHttpRequest.Create(Self);
strXml := xml.GetXml();
req.UseXmlHttp(strXml);
req.AddHeader('SOAPAction','http://xmldefs.volkswagenag.com/Wholesale/TelematicEventNotificationService/V1/TelematicEventNotificationServicePortType/ProcessAliveTest');

domain := 'https://example.com.cn';
req.Path := '/services';
port := 443;
ssl := 1;

resp := http.SynchronousRequest(domain,port,ssl,req.DefaultInterface);
if (resp = nil) then
begin
  Memo1.Lines.Add(http.LastErrorText);
  Memo1.Lines.Add('LastHeader:');
  Memo1.Lines.Add(http.LastHeader);
end
else begin
  responseStatusCode := resp.StatusCode;
  // You may wish to verify that the responseStatusCode equals 200...
  Memo1.Lines.Add('Response Status Code: ' + IntToStr(responseStatusCode));
  // You may examine the exact HTTP header sent with the POST like this:
  Memo1.Lines.Add('LastHeader:');
  Memo1.Lines.Add(http.LastHeader);
  // Examine the XML returned by the web service:
  Memo1.Lines.Add('XML Response:');
  xmlResp := TChilkatXml.Create(Self).ControlInterface;
  success := xmlResp.LoadXml(resp.BodyStr);
  // Assume the LoadXml is successful...
  // Get rid of the SOAP wrappings and get to the meat of this particular response.
  // The TagContent method returns the content of the 1st node in the XML document
  // having a specific tag:
  unwrappedXml := xmlResp.TagContent('tns:AcknowledgeAliveTest');
  Memo1.Lines.Add(unwrappedXml);
  // The unwrapped XML could be loaded into an XML object and parsed...
  xmlMeat := TChilkatXml.Create(Self).ControlInterface;
  success := xmlMeat.LoadXml(unwrappedXml);
  // ...
end;
It may be that you also need an update for the ChilkatCert.dll. Please download and use this one:
http://www.chilkatsoft.com/preRelease/ChilkatCert-9.5.0-win32.zip
Also, make sure to check the return value of the call to http.SetSslClientCert, to make sure that it did not fail.
I've updated to the new "ChilkatCert.dll" by just copying it to "C:\Program Files (x86)\Chilkat Software Inc\Chilkat HTTP ActiveX". Is this operation correct?
Then I ran the application again and got the following log. It says "The private key is not marked as exportable." How can I make it exportable?
cert := TChilkatCert.Create(Self);
success := cert.LoadPfxFile(programpath+'TAMRCHQ.p12','4X019JT8');
if (success <> 1) then
begin
  Memo1.Lines.Add(cert.LastErrorText);
  Exit;
end;

success := http.SetSslClientCert(cert.ControlInterface As CHILKATHTTPLib_TLB.IChilkatCert);
if (success <> 1) then
begin
  Memo1.Lines.Add(http.LastErrorText);
  Exit;
end;
log:
ChilkatLog:
SetSslClientCert:
DllDate: Jul 10 2013
ChilkatVersion: 9.4.1.26
UnlockPrefix: SDDD
Username: THINKPAD-SAM:ThinkPad
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
The private key is not marked as exportable.
Chilkat must have access to the private key in order to use it in the SSL/TLS handshake.
Failed.
--SetSslClientCert
--ChilkatLog
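Both failures in this thread can be read mechanically off the LastErrorText: the first log shows the server's CertificateRequest, the client's 0-length Certificates message (numCerts: 0) and then the fatal "handshake failure" alert; the second log shows SetSslClientCert refusing a PFX whose private key is not marked exportable. The following Python script is an added example, not Chilkat's code and not from anyone in the thread. It parses the `name:` / `--name` block syntax of a LastErrorText log into a tree and reports which of the two conditions it sees. The two sample logs embedded in it are constructed, abbreviated copies of the logs posted above; the verdict strings are this example's own naming.

```python
"""Interpret Chilkat LastErrorText logs for TLS client-certificate failures.
Added example (not Chilkat's code): parses the 'name:' / '--name' block syntax
into a tree and reports the two failure patterns seen in this thread."""

# Constructed sample 1: abbreviated copy of the SynchronousRequest log above.
HANDSHAKE_LOG = """\
ChilkatLog:
  SynchronousRequest:
    httpConnect:
      processHandshake:
        handshakeMessageType: CertificateRequest
        CertificateRequest:
          DistinguishedName: DC=com, DC=VWPKI, CN=VW-CA-ROOT-04
          DistinguishedName: DC=com, DC=VWPKI, CN=VW-CA-PROC-06
          DistinguishedName: DC=com, DC=VWPKI, CN=VW-CA-ROOT-05
        --CertificateRequest
      --processHandshake
      Sending 0-length certificate (this is normal).
      CertificatesMessage:
        numCerts: 0
      --CertificatesMessage
      TlsAlert:
        level: fatal
        descrip: handshake failure
      --TlsAlert
    --httpConnect
  --SynchronousRequest
--ChilkatLog
"""

# Constructed sample 2: abbreviated copy of the SetSslClientCert log above.
PFX_LOG = """\
ChilkatLog:
  SetSslClientCert:
    The private key is not marked as exportable.
    Failed.
  --SetSslClientCert
--ChilkatLog
"""


def parse_chilkat_log(text):
    """Return (name, value) pairs: value is a str for a 'key: value' leaf, a list
    of children for a 'name:' ... '--name' block; other lines -> ('message', line)."""
    stack = [[]]                                          # stack[0] is the root
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("--"):                         # block terminator
            if len(stack) > 1:
                stack.pop()
        elif line.endswith(":") and ": " not in line:     # block opener
            children = []
            stack[-1].append((line[:-1], children))
            stack.append(children)
        else:
            key, sep, value = line.partition(": ")
            stack[-1].append((key, value) if sep else ("message", line))
    return stack[0]


def walk(entries, path=()):
    """Yield (path, key, value) for every leaf; path is the enclosing block names."""
    for name, value in entries:
        if isinstance(value, list):
            yield from walk(value, path + (name,))
        else:
            yield path, name, value


def diagnose(text):
    """Classify a log as 'missing-client-cert', 'private-key-not-exportable',
    'tls-alert' (some other alert) or 'no-client-cert-problem'."""
    leaves = list(walk(parse_chilkat_log(text)))

    def values(key):
        return [v for _, k, v in leaves if k == key]

    requested = "CertificateRequest" in values("handshakeMessageType")
    sent = values("numCerts")
    certs_sent = int(sent[0]) if sent else None
    # The alert description only counts when it sits inside a TlsAlert block.
    alert = next((v for p, k, v in leaves
                  if k == "descrip" and p and p[-1] == "TlsAlert"), None)
    if any("not marked as exportable" in m for m in values("message")):
        verdict = "private-key-not-exportable"
    elif requested and certs_sent == 0 and alert == "handshake failure":
        verdict = "missing-client-cert"
    elif alert:
        verdict = "tls-alert"
    else:
        verdict = "no-client-cert-problem"
    return {"server_requested_client_cert": requested, "client_certs_sent": certs_sent,
            "acceptable_issuers": values("DistinguishedName"),
            "tls_alert": alert, "verdict": verdict}


if __name__ == "__main__":
    for name, log in (("handshake", HANDSHAKE_LOG), ("pfx", PFX_LOG)):
        print(name, diagnose(log))
```

The `acceptable_issuers` list is the set of DistinguishedNames the server advertised in its CertificateRequest; a client certificate whose chain does not lead to one of those CAs will be rejected just as an empty Certificates message is, so comparing the issuer of the loaded PFX against that list is the first check to make before looking elsewhere.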