HttpWebRequest.GetRequestStream()打破由超时值在Windows 7 / Vista的SSL连接 [英] HttpWebRequest.GetRequestStream() breaks by timeout on SSL connection under Windows 7/Vista
问题描述
我有使得使用的HttpWebRequest 来PHP的Web服务的调用一个C#Windows应用程序(.NET 3.0框架)。
I have an C# windows application (.Net 3.0 Framework) that makes a call to PHP web service using HttpWebRequest.
在运7和; Vista的中,如果呼叫是通过非SSL发(即的http:// ),代码工作正常。当呼叫更改为超时调用SSL(HTTPS :)链接的版本,它在 HttpWebRequest.GetRequestStream()。出现这种情况每次。
In Win 7 & Vista, if the call is made via non-SSL (i.e. http://), the code works fine. When the call is changed to call the SSL(https:) version of the link, it times out at the HttpWebRequest.GetRequestStream(). This happens every time.
在此相同的应用程序在A 的Windows XP 的机器正常工作与正在使用HTTP或HTTPS的URL运行。
When this same application is run on a Windows XP machine it works fine with either the HTTP or the HTTPS url being used.
中的代码确实有接受所有服务器证书代码。另外,我已经加入 System.Net记录。它写出的日志,但由于数据包进行加密,你还真看不出除了超时太多中止声明。
The code does have the accept all server certificates code in it. Also, I have added System.Net logging. It writes out the log but because the packets are encrypted you really don't see much except for the Timeout abort statement.
我也试过,但提琴手再次用加密的数据包,我看不到太多。顺便说一句,当我尝试使用Fiddler2来解密应用程序挂起,这样一直没有成功。
I've also tried Fiddler but again with the encrypted packets, I don't see much. BTW, when I try to use Fiddler2 to decrypt the app hangs so that has not been successful.
总之,任何帮助,将不胜感激。谢谢
Anyway, any help would be appreciated. Thanks.
我要补充:
- 我可以telnet到端口
- 我试图运行的应用程序作为管理员
- 我已经试过了Win XP的兼容模式(尝试任何东西)
<李>我单挑的连接代码伸到一个简单的单机应用
- I can telnet into the port
- I have tried running the app as Administrator
- I have tried the Win XP compatibility mode (trying anything)
- I have singled the connect code out into a simple stand-alone app
推荐答案
这错误工作C#应用程序出现了迁移被访问到新的服务器的网站后,这表明服务器端的问题。事实上,我们终于由Apache配置文件相匹配的证书中注册的域名中设置服务器名称值解决了这个问题。 (另一个论坛提到设置ServerAlias也将工作)
This error cropped up in a working C# application after migrating the website being accessed to a new server, and that indicated a server-side problem. Indeed, we finally resolved this issue by setting the "ServerName" value in the Apache configuration file to match the domain name registered in the certificate. (Another forum mentioned that setting "ServerAlias" would also work.)
更具体地讲,为对SSL站点httpd.conf文件曾在虚拟主机部分执行以下操作:
More specifically, the httpd.conf file for the SSL site had the following in the VirtualHost section:
ServerName www.secure.mydomain.com
该证书被注册到 secure.mydomain.com ,我们被访问URL也是 HTTPS: 。//secure.mydomain.com/test.html
The certificate was registered to secure.mydomain.com, and the URL we were accessing was also https://secure.mydomain.com/test.html.
所以,简单地改变conf文件到以下和重启动Apache的伎俩:
So simply changing the conf file to the following and restarting Apache did the trick:
ServerName secure.mydomain.com
下面也会有工作,最有可能的:
The following would have also worked, most likely:
ServerName www.secure.mydomain.com
ServerAlias secure.mydomain.com
这里的一些更多的背景资料,以供将来参考:
Here's some additional background information, for future reference:
我们在System.Net.trace.log看到的两个错误是:
The two errors we saw in the System.Net.trace.log were:
System.Net.Sockets Error: 0 : [4316] Exception in the
Socket#18796293::Receive - A blocking operation was
interrupted by a call to WSACancelBlockingCall
System.Net Error: 0 : [4316] Exception in the
HttpWebRequest#35191196:: - The operation has timed out
下面都是我们试过它并没有解决问题的事情:
Here are all the things we tried which did not resolve the issue:
- 从SSL证书颁发者为Apache的安装中间证书(这是必需的)
- 改变用户代理的Web请求(无效)
- 改变服务器端和客户端超时和内存限制(无效果)
- 测试与静态页面(无效)
- 测试与其他https网站(它们工作得很好)
- 添加证书到受信任的证书存储区(无效果)
- 购买和安装来自证书不同的证书颁发者(无效果)
- 比较来自已知的工作服务器问题服务器虚拟主机conf文件(这使我们解决这个问题)
- installing intermediate certificates from the SSL certificate issuer into Apache (this is required)
- changing user agent in web request (no effect)
- changing server-side and client-side time-outs and memory limits (no effect)
- testing with a static page (no effect)
- testing with other https sites (they worked fine)
- adding the cert to the trusted certificates store (no effect)
- purchase and install a certificate from a different certificate issuer (no effect)
- compare virtual host .conf files from a known working server to the problem server (this led us to resolve the issue)
的HTTPS URL可能在Opera,IE8和Firefox没有任何问题打开。 WGET为Windows抱怨的证书无效,但话又说回来,WGET是一个旧的应用程序并没有出现信任许多证书。
The https URL could be opened in Opera, IE8, and Firefox without any problems. WGET for Windows complained about an invalid certificate, but then again, WGET is an old application and does not appear to trust as many certificates.
C#的客户端应用程序在Windows下工作XP,但不是在Windows 7或Windows Vista。看来,Windows 7和Vista是更积极地验证证书。当它失败时,他们不提供信息的错误消息,而不是简单地在SSL握手期间超时。
The C# client application worked under Windows XP, but not in Windows 7 or Windows Vista. It appears that Windows 7 and Vista are more aggressive about validating the certificate. They do not provide an informative error message when it fails, and instead simply time out during the SSL handshake.
这篇关于HttpWebRequest.GetRequestStream()打破由超时值在Windows 7 / Vista的SSL连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
