EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Error while consuming webservice 100353

Posted: 04/10/2013 05:09:47
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 112


I am trying to connect to the webservice below but I have received the error 100353. I have tried with just the main certificate, with all certificate chain but the results are allways the same.

The certificate is installed correctly and it is used to connect to other webservices without any problem.

I am using Windows 8 64 bits - Delphi XE Update 1 and I really don´t know what or where can be generating this error. I have seen the documentation and it is related with SSL. The routine used to connect is the same (if desired I can post it here) I use to connect with other webservices (it is working). I am using the method POST and check the connection using the browser with the certificate installed. I have removed the suffix "?wsdl" but don´t work and have tried using http instead of https and then I received a HTTP 302 error.

Could you give me some light to solve this problem ?

Webservice: https://homologacao.ginfes.com.br/ServiceGinfesImpl?wsdl
Posted: 04/10/2013 05:18:06
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

100353 stands for SB_HTTP_ERROR_CONNECT_FAILED. It means that error happened when opening connection to the remote host. This includes impossibility to connect, forceful closing of socket after connection and SSL/TLS handshake failure.

Please implement TElHTTPSClient.OnError event handler and check if some error is returned.
Posted: 04/10/2013 05:26:08
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 112

The event OnError is not fired neither OnCertificateValidate
Posted: 04/10/2013 05:30:14
by Vsevolod Ievgiienko (Team)

The service requires client side authentication. Did you implement it?
Posted: 04/10/2013 05:36:36
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 112

I think I do not know what you are talking about.

First, how do you know this ?

Second, how can I implement this ?
Posted: 04/10/2013 05:49:21
by Vsevolod Ievgiienko (Team)

Sorry for being not clear.

The service requires client's certificate for authentication. You can pass client's certificate via TElHTTPSClient.OnCertificateNeededEx event or put it into an instance of TELMemoryCertStorage and assign it to TElHTTPSClient.ClientCertStorage property.

I've checked this using my browser.
Posted: 04/10/2013 06:14:01
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 112

No problem.

Ok. Now I got about the client authentication. I am using OnCertificateNeededEx passing the cliente certificate and it did not work (the event is not fired) and tried to use ClientCertStorage with the chain certificates but did not work too.

The code I am using:

function SendSoap(cWebService: String; cXml: String; cSoapAction: String = ''): Boolean;
var E: TStringList;
// Certificados digitais
if FullChain then begin
FHttpsClient.OnCertificateNeededEx := nil;
if FMemCert.Count > 0 then begin
FHttpsClient.ClientCertStorage := FMemCert;
end else begin
FHttpsClient.ClientCertStorage := nil;
end else begin
FHttpsClient.ClientCertStorage := nil;
FHttpsClient.OnCertificateNeededEx := FMyHttps.ClientCertNeededEx;

// Configurações de proxy
if ProxyHost <> '' then begin
FHttpsClient.UseHTTPProxy := True;
FHttpsClient.HTTPProxyHost := ProxyHost;
FHttpsClient.HTTPProxyPort := StrToIntDef(ProxyPort,0);
FHttpsClient.HTTPProxyUsername := ProxyUserName;
FHttpsClient.HTTPProxyPassword := ProxyPassword;
end else begin
FHttpsClient.UseHTTPProxy := False;

with FHttpsClient.RequestParameters do begin
UserAgent := 'HPRO Soap 1.2';
ContentType := 'text/xml';

// Usuário e senha do web service
if WSUserName <> '' then begin
Username := WSUserName;
if WSPassword <> '' then begin
Password := WSPassword;
end else begin
Username := '';
Password := '';

// Soap Action
if cSoapAction <> '' then begin
CustomHeaders.Add('SOAPAction: ' + cSoapAction);

WSResult := '';

// FHttpsClient.UseIPv6 := False;
FHttpPosted := False;
FHttpResult := FHttpsClient.Post(cWebService,cXml);
on E: Exception do begin
raise Exception.Create('@Ocorreu um erro durante a comunicação com o Webservice;;' + E.Message);
Result := FHttpResult = 200;
Posted: 04/10/2013 09:55:45
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 112

Is there anything else I can do to find the solution to this error ?
Posted: 04/11/2013 02:44:10
by Vsevolod Ievgiienko (Team)

Sorry for the delayed answer.

It seems that this server has a firewall of ISP that blocks *unusual* from its point of view SSL connections.

Here is the solution. Please add this code somewhere before the HTTP request is performed:

uses SBSSLConstants;
  i: integer;
    FHttpsClient.CipherSuites[i] := false;

  FHttpsClient.CipherSuites[SB_SUITE_RSA_3DES_SHA] := true;
  FHttpsClient.CipherSuites[SB_SUITE_RSA_RC4_SHA] := true;
  FHttpsClient.CipherSuites[SB_SUITE_RSA_AES128_SHA] := true;
  FHttpsClient.CipherSuites[SB_SUITE_RSA_DES_SHA] := true;

After these changes TElHTTPSClient.OnCertificateNeededEx event is fired correctly.

Note that you should use OnCertificateNeededEx or ClientCertStorage but not both.
Posted: 04/11/2013 05:01:34
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 112

Sorry for the delayed answer
No problem

I have tried your code and the communication happened correctly. So far, so good. I will do more tests but I think now the problem is with me when creating the XML to send to the server.

Thank you very much for your contribution, patient and code examples. One more time I have learnt a lot with the support sessions.

The event OnCertificateNeededEx is now fired and your tips are always welcome.



Topic viewed 3400 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!