Archived Forum Post

Question:
I'm using your socket/SSL API to connect to a server over SSL. I think that everything is set correctly.
Here is the Chilkat log:
Language: ActiveX
objectId: 1
hcCurDate: Thu, 12 Jul 2012 14:26:56 +0200
hcExpire: 7/2012
hostname: https://server.cz
port: 443
ssl: 1
maxWaitMs: 20000
ConnectTimeoutMs_1: 20000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
connectingTo: server.cz
dnsCacheLookup: server.cz
Resolving domain name (IPV4)
GetHostByNameHB_ipv4: Elapsed time: 156 millisec
myIP_1: 10.139.10.34
myPort_1: 3774
connect successful (1)
clientHelloMajorMinorVersion: 3.1
buildClientHello:
majorVersion: 3
minorVersion: 1
numRandomBytes: 32
sessionIdSize: 0
numCipherSuites: 10
numCompressionMethods: 1
--buildClientHello
handshakeMessageType: ServerHello
handshakeMessageLen: 0x46
processHandshakeMessage:
MessageType: ServerHello
Processing ServerHello...
ServerHello:
MajorVersion: 3
MinorVersion: 1
SessionIdLen: 32
CipherSuite: RSA_WITH_RC4_128_SHA
CipherSuite: 00,05
CompressionMethod: 0
Queueing ServerHello message.
ServerHello is OK.
--ServerHello
--processHandshakeMessage
HandshakeQueue:
MessageType: ServerHello
--HandshakeQueue
Dequeued ServerHello message.
handshakeMessageType: Certificate
handshakeMessageLen: 0x1027
processHandshakeMessage:
MessageType: Certificate
ProcessCertificates:
Certificate:
derSize: 1473
certSubjectCN: server.cz
certSerial: 31B8AA9D000000000031
certIssuerCN: ISZR AIS CA
--Certificate
Certificate:
derSize: 1200
certSubjectCN: ISZR AIS CA
certSerial: 13F82CCC000000000003
certIssuerCN: ROOT CA SZR
--Certificate
Certificate:
derSize: 1450
certSubjectCN: ROOT CA SZR
certSerial: 686433AB95C15B854A2E06D1E7563B0F
certIssuerCN: ROOT CA SZR
--Certificate
NumCertificates: 3
Queueing Certificates message...
--ProcessCertificates
--processHandshakeMessage
Dequeued Certificate message.
handshakeMessageType: CertificateRequest
handshakeMessageLen: 0x137
processHandshakeMessage:
MessageType: CertificateRequest
CertificateRequest:
NumCertificateTypes: 1
Certificate Type: RSA Sign
totalLen: 307
DistinguishedName: C=CZ, ST=SZR, L="Obec=Obec,Ulice=Ulice,PSC=12345", O=123456, OU=123-E/OVER, CN=CN
DistinguishedName: C=CZ, L=Praha, O=SZR CR, CN=ROOT CA SZR
DistinguishedName: C=CZ, L=Praha, O=SZR CR, CN=ISZR AIS CA
NumDistinguishedNames: 3
CertificateRequest message is OK.
Queueing CertificateRequest message.
--CertificateRequest
--processHandshakeMessage
Dequeued CertificateRequest message.
handshakeMessageType: ServerHelloDone
handshakeMessageLen: 0x0
processHandshakeMessage:
MessageType: ServerHelloDone
Queueing HelloDone message.
--processHandshakeMessage
DequeuedMessageType: ServerHelloDone
OK to ServerHelloDone!
Sending client-side certificate(s)...
CertificatesMessage:
numCerts: 1
certificate:
SubjectCN: ISZERO.server.cz
SerialNumber: 5BF15BD7000000000165
--certificate
CertificateSize: 0x517
--CertificatesMessage
Encrypted pre-master secret with server certificate RSA public key is OK.
Sending ClientKeyExchange...
Sent ClientKeyExchange message.
Sending CertificateVerify...
Calculating cert verify MAC for TLS 1.*
signatureSize: 256
Sending ChangeCipherSpec...
Sent ChangeCipherSpec message.
Derived keys.
Installed new outgoing security params.
Sending FINISHED message..
algorithm: arc4
keyLength: 128
Sent FINISHED message..
TlsAlert:
level: fatal
descrip: handshake failure
--TlsAlert
Closing connection in response to fatal error.
Failed to read incoming handshake messages. (3)
Client handshake failed.
Failed.
--Connect_Socket
--ChilkatLog

Answer:
Try connecting without using a client-side certificate. I just tested the same by connecting to port 443 of server.cz, and everything worked fine.
Here's my LastErrorText:
ChilkatLog:
Connect_Socket:
DllDate: Aug 10 2012
UnlockPrefix: UNTTSTSocket
Username: CK2007:Chilkat
Architecture: Little Endian; 32-bit
Language: Visual C++ 6.0
VerboseLogging: 1
objectId: 2
hostname: server.cz
port: 443
ssl: 1
maxWaitMs: 10000
ConnectTimeoutMs_1: 10000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
connectingTo: server.cz
GetHostByNameHB_ipv4: Elapsed time: 219 millisec
myIP_1: 192.168.1.126
myPort_1: 3448
connect successful (1)
clientHelloMajorMinorVersion: 3.1
buildClientHello:
majorVersion: 3
minorVersion: 1
numRandomBytes: 32
sessionIdSize: 0
numCipherSuites: 10
numCompressionMethods: 1
--buildClientHello
Received SSL 3.0 or TLS record...
m_contentType: 22
m_majorVersion: 3
m_minorVersion: 1
msgLen: 74
TlsRecord:
ContentType: Handshake
Protocol: TLS 1.0
PacketLen: 74
LengthMsb: 0x0
LengthLsb: 0x4a
--TlsRecord
processTlsRecord:
ProcessTlsRecord:
ContentType: Handshake
handshakeMessageType: ServerHello
handshakeMessageLen: 0x46
handshakeMessageLen: 70
nBytesLeft: 70
processHandshakeMessage:
MessageType: ServerHello
Processing ServerHello...
ServerHello:
MajorVersion: 3
MinorVersion: 1
SessionIdLen: 32
CipherSuite: RSA_WITH_AES_256_CBC_SHA
CipherSuite: 00,35
CompressionMethod: 0
Queueing ServerHello message.
ServerHello is OK.
--ServerHello
--processHandshakeMessage
--ProcessTlsRecord
--processTlsRecord
HandshakeQueue:
MessageType: ServerHello
--HandshakeQueue
Dequeued ServerHello message.
Received SSL 3.0 or TLS record...
m_contentType: 22
m_majorVersion: 3
m_minorVersion: 1
msgLen: 936
TlsRecord:
ContentType: Handshake
Protocol: TLS 1.0
PacketLen: 936
LengthMsb: 0x3
LengthLsb: 0xa8
--TlsRecord
processTlsRecord:
ProcessTlsRecord:
ContentType: Handshake
handshakeMessageType: Certificate
handshakeMessageLen: 0x3a4
handshakeMessageLen: 932
nBytesLeft: 932
processHandshakeMessage:
MessageType: Certificate
ProcessCertificates:
Certificate:
derSize: 926
certSubjectCN: *.server.cz
certSerial: 06
certIssuerCN: server.cz
--Certificate
NumCertificates: 1
Queueing Certificates message...
--ProcessCertificates
--processHandshakeMessage
--ProcessTlsRecord
--processTlsRecord
Dequeued Certificate message.
Received SSL 3.0 or TLS record...
m_contentType: 22
m_majorVersion: 3
m_minorVersion: 1
msgLen: 4
TlsRecord:
ContentType: Handshake
Protocol: TLS 1.0
PacketLen: 4
LengthMsb: 0x0
LengthLsb: 0x4
--TlsRecord
processTlsRecord:
ProcessTlsRecord:
ContentType: Handshake
handshakeMessageType: ServerHelloDone
handshakeMessageLen: 0x0
handshakeMessageLen: 0
nBytesLeft: 0
processHandshakeMessage:
MessageType: ServerHelloDone
Queueing HelloDone message.
--processHandshakeMessage
--ProcessTlsRecord
--processTlsRecord
DequeuedMessageType: ServerHelloDone
OK to ServerHelloDone!
No client certificate required by the server.
Encrypted pre-master secret with server certificate RSA public key is OK.
Sending ClientKeyExchange...
Sent ClientKeyExchange message.
Sending ChangeCipherSpec...
Sent ChangeCipherSpec message.
Derived keys.
Installed new outgoing security params.
Sending FINISHED message..
algorithm: aes
keyLength: 256
Sent FINISHED message..
Received SSL 3.0 or TLS record...
m_contentType: 20
m_majorVersion: 3
m_minorVersion: 1
msgLen: 1
TlsRecord:
ContentType: ChangeCipherSpec
Protocol: TLS 1.0
PacketLen: 1
LengthMsb: 0x0
LengthLsb: 0x1
--TlsRecord
processTlsRecord:
ProcessTlsRecord:
ContentType: ChangeCipherSpec
ccsProtocolType: 1
--ProcessTlsRecord
--processTlsRecord
Received SSL 3.0 or TLS record...
m_contentType: 22
m_majorVersion: 3
m_minorVersion: 1
msgLen: 48
Decrypting incoming message...
paddingLen: 11
decryptedMsg: 1400 000C DE00 0430 5EA4 F078 3F29 4452
05A4 36C7 61DF 8FBB 1CDD 48FB F1DE CD74
macLen: 20
TlsRecord:
ContentType: Handshake
Protocol: TLS 1.0
PacketLen: 48
LengthMsb: 0x0
LengthLsb: 0x30
--TlsRecord
processTlsRecord:
ProcessTlsRecord:
ContentType: Handshake
handshakeMessageType: HandshakeFinished
handshakeMessageLen: 0xc
handshakeMessageLen: 12
nBytesLeft: 12
processHandshakeMessage:
MessageType: HandshakeFinished
FinishedMsgLen: 12
Queueing Finished message.
--processHandshakeMessage
--ProcessTlsRecord
--processTlsRecord
Dequeue the FINISHED message...
Dequeued Finished message.
Handshake completed successfully.
Secure Channel Established.
Success.
--Connect_Socket
--ChilkatLog
In your LastErrorText, I cannot see the "DllDate" line at the beginning, so I don't know if you're using an old version. If you are using an old version, download and test with the latest...
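
The two logs differ in the points the answer checks: whether a DllDate line is present, whether the server sent a CertificateRequest, and whether a TlsAlert came back. As an added example (not Chilkat code and not written by either poster), the Python below pulls those fields out of a LastErrorText dump; the helper name `summarize` and the sample log, cut down from the failing log above, are constructed for illustration.

```python
# Added example: triage summary of a Chilkat LastErrorText dump.
# SAMPLE_LOG is constructed from a few lines of the failing log above.
SAMPLE_LOG = """\
clientHelloMajorMinorVersion: 3.1
ServerHello:
MajorVersion: 3
MinorVersion: 1
CipherSuite: RSA_WITH_RC4_128_SHA
CipherSuite: 00,05
MessageType: CertificateRequest
DistinguishedName: C=CZ, L=Praha, O=SZR CR, CN=ROOT CA SZR
DistinguishedName: C=CZ, L=Praha, O=SZR CR, CN=ISZR AIS CA
Sending client-side certificate(s)...
SubjectCN: ISZERO.server.cz
Sent FINISHED message..
TlsAlert:
level: fatal
descrip: handshake failure
--TlsAlert
"""

def summarize(log_text):
    """Hypothetical helper: pull the handshake-triage fields out of a log."""
    lines = [ln.strip() for ln in log_text.splitlines()]

    def values(key):
        # Non-empty values of every "key: value" line (keys are case-sensitive).
        prefix = key + ":"
        found = [ln[len(prefix):].strip() for ln in lines if ln.startswith(prefix)]
        return [v for v in found if v]

    def first(key):
        return (values(key) or [None])[0]

    alert, after_finished = None, False
    if "TlsAlert:" in lines:
        start = lines.index("TlsAlert:")
        end = lines.index("--TlsAlert", start) if "--TlsAlert" in lines[start:] else len(lines)
        fields = dict(ln.split(": ", 1) for ln in lines[start + 1:end] if ": " in ln)
        alert = (fields.get("level"), fields.get("descrip"))
        # True when the alert arrived after the client had sent its Finished.
        after_finished = any(ln.startswith("Sent FINISHED") for ln in lines[:start])

    major, minor = first("MajorVersion"), first("MinorVersion")
    return {
        "dll_date": first("DllDate"),  # None means the build date is not in the log
        "server_version": f"{major}.{minor}" if major and minor else None,
        "cipher": first("CipherSuite"),
        "client_cert_requested": "MessageType: CertificateRequest" in lines,
        "acceptable_cas": values("DistinguishedName"),
        "client_cert_sent": first("SubjectCN"),
        "alert": alert,
        "alert_after_finished": after_finished,
    }
```

Running `summarize` over both full logs puts the differences side by side: the failing one has no `dll_date`, a CertificateRequest listing the acceptable CA names, and a fatal alert that arrives only after the client's Finished message.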