EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Client authentication for SSL/TLS connection

#36950
Posted: 06/09/2016 15:01:01
by Rohith Chinnaswamy (Priority Standard support level)
Joined: 06/09/2016
Posts: 16

Hi,

We are using SecureBlackbox .NET library to make SSL/TLS connection from WinCE. We are using .NET 3.5 CF. What is the correct process to do client authentication with SecureBlackbox library? We are connecting to a server which mandates client authentication. What we have done is register for the OnCertificateNeededEx event in the TElSecureClient class. When we get the callback we are passing in the .pfx file from our local disk (using password). The certificate is returned in the callback, but we are getting multiple callbacks for this method. There was logic in the samples to send it once and we added that to send the certificate once. But the connection to the server does not succeed and it's closed. The OnOpenConnection event handler is never called. So is there anything needed to successfully establish connection with client authentication?
#36951
Posted: 06/09/2016 15:04:46
by Eugene Mayevski (EldoS Corp.)

Thank you for contacting us.

I’ve noticed there is no Support Access Ticket linked to your user account on EldoS site. Technical Support is provided to customers with the linked Support Access Ticket. You will find your Support Access Ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase.

If you are evaluating the product and don't have a license yet, please let us know and then you can have support according to Basic support level. Basic support level includes answering basic technical questions that appear during product evaluation period. We also offer Premium support for a purchase from https://www.eldos.com/support/calc.php . You can use Premium Support to get higher level of assistance during your evaluation of our products.


Sincerely yours
Eugene Mayevski
#36953
Posted: 06/09/2016 15:34:18
by Rohith Chinnaswamy (Priority Standard support level)
Joined: 06/09/2016
Posts: 16

I have added it now.
#36958
Posted: 06/09/2016 16:18:33
by Rohith Chinnaswamy (Priority Standard support level)
Joined: 06/09/2016
Posts: 16

I modified the sample in SSLBlackbox\Desktop\Server\Chat\Client to connect to the server with the certificate I had for the server (which works in a standard Microsoft .NET library when making SSL/TLS 1.1 connection) and it does not connect successfully.
#36961
Posted: 06/10/2016 00:53:33
by Eugene Mayevski (EldoS Corp.)

Thank you for linking the ticket.

If you have multiple certificates in the PFX, there's a good chance that you provide the wrong certificate via OnCertificateNeededEx. There's a simpler approach available --

1) load the PFX to the instance of TElMemoryCertStorage class using its LoadFromStreamPFX method
2) assign this TElMemoryCertStorage to ClientCertStorage property of the SSL/TLS client.
3) comment out the code in OnCertificateNeededEx event handler.

This should be enough.


Sincerely yours
Eugene Mayevski
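
For the multi-certificate PFX case described in the reply above, an added example that is not part of the thread and is not SecureBlackbox code: it uses the standard desktop .NET X.509 classes (.NET Core 2.0+ or .NET Framework 4.7.2+, not Compact Framework) to list what a PFX holds and mark the entry that has a private key and no CA flag, which is the identity a TLS client has to present. The sample PFX, its password and its subject names are constructed inside the program.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxInspect
{
    // Constructed sample: a PFX holding a CA certificate plus a leaf with its key.
    static byte[] BuildSamplePfx(string password)
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using (RSA caKey = RSA.Create(2048))
        using (RSA leafKey = RSA.Create(2048))
        {
            var caReq = new CertificateRequest("CN=Sample Root (constructed)", caKey,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            caReq.CertificateExtensions.Add(
                new X509BasicConstraintsExtension(true, false, 0, true));
            using (X509Certificate2 ca = caReq.CreateSelfSigned(now, now.AddDays(30)))
            {
                var leafReq = new CertificateRequest("CN=Sample Client (constructed)",
                    leafKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                X509Certificate2 leaf = leafReq
                    .Create(ca, now, now.AddDays(7), new byte[] { 1, 2, 3, 4 })
                    .CopyWithPrivateKey(leafKey);
                var bundle = new X509Certificate2Collection();
                bundle.Add(new X509Certificate2(ca.RawData)); // chain entry, no key
                bundle.Add(leaf);                             // identity, with key
                return bundle.Export(X509ContentType.Pfx, password);
            }
        }
    }

    static void Main()
    {
        var certs = new X509Certificate2Collection();
        certs.Import(BuildSamplePfx("pw"), "pw", X509KeyStorageFlags.DefaultKeySet);
        foreach (X509Certificate2 c in certs)
        {
            // 2.5.29.19 is the basicConstraints extension; absent on the sample leaf.
            var bc = c.Extensions["2.5.29.19"] as X509BasicConstraintsExtension;
            bool isCa = bc != null && bc.CertificateAuthority;
            Console.WriteLine("{0,-32} key={1,-5} ca={2,-5} {3}", c.Subject,
                c.HasPrivateKey, isCa,
                c.HasPrivateKey && !isCa ? "<- client identity" : "(chain only)");
        }
    }
}
```
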
#36967
Posted: 06/10/2016 09:35:10
by Rohith Chinnaswamy (Priority Standard support level)
Joined: 06/09/2016
Posts: 16

Thanks Eugene. I tried that and now I get an exception on this event handler
Code

private void ElSecureClientSend(Object sender, byte[] buffer)
{
    try
    {
        clientSocket.BeginSend(buffer, 0, buffer.Length, 0,
            new AsyncCallback(AsyncSendCallback), clientSocket);
    }
    catch (Exception ex)
    {
        Reset();
        SetStatusText("Connection closed");
        AppendToMemo("Connection closed - " + ex.Message);
    }
}


The exception happens on the send with the message: Connection closed - An established connection was aborted by the software in your host machine.
#36968
Posted: 06/10/2016 10:01:27
by Eugene Mayevski (EldoS Corp.)

If I understand it right, ElSecureClientSend() is the OnSend event handler implemented by you. The problem is that OnSend and OnReceive are blocking events - you must send the data and/or grab them to your buffer in the event handler. In your case this means that you should not send the original buffer (because it will be overwritten), but make a copy of the data and send that copy. It would be even better if you completed sending while in ElSecureClientSend() method.

Without this change it's hard to say what happens in your data flow. You need to fix data sending first, then we can investigate other aspects.


Sincerely yours
Eugene Mayevski
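
The buffer-lifetime problem described in the reply above, as an added example that is not part of the thread: `FakeTlsEngine` is a hypothetical stand-in (not a SecureBlackbox class) that invalidates each buffer as soon as the handler returns, so a handler that defers the send transmits the wrong bytes unless it copies first. The record names are constructed labels; only the handler signature comes from the posted code.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Hypothetical stand-in for a TLS engine with a blocking OnSend event.
class FakeTlsEngine
{
    public delegate void SendHandler(object sender, byte[] buffer);
    public event SendHandler OnSend;

    // Raises OnSend once per record and wipes the array when the handler
    // returns, modelling an engine that recycles its output memory (assumption).
    public void Emit(params string[] records)
    {
        foreach (string r in records)
        {
            byte[] buf = Encoding.ASCII.GetBytes(r);
            if (OnSend != null) OnSend(this, buf);
            Array.Clear(buf, 0, buf.Length);
        }
    }
}

static class Demo
{
    static string Run(bool copyFirst)
    {
        var pending = new Queue<byte[]>();   // stands in for queued async sends
        var engine = new FakeTlsEngine();
        engine.OnSend += delegate(object sender, byte[] buffer)
        {
            // Deferring the write is only safe on a private copy of the data.
            pending.Enqueue(copyFirst ? (byte[])buffer.Clone() : buffer);
        };
        engine.Emit("ClientHello", "Certificate", "Finished");

        var wire = new StringBuilder();      // what the socket transmits later
        while (pending.Count > 0)
            wire.Append(Encoding.ASCII.GetString(pending.Dequeue())).Append('|');
        return wire.ToString().Replace('\0', '.');
    }

    static void Main()
    {
        Console.WriteLine("deferred, no copy : " + Run(false));
        Console.WriteLine("deferred, copied  : " + Run(true));
    }
}
```
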
#36970
Posted: 06/10/2016 10:17:39
by Rohith Chinnaswamy (Priority Standard support level)
Joined: 06/09/2016
Posts: 16

Eugene,

I took the code as is from the samples. I changed that to a synchronous send and I still have the same failure.

Code
private void ElSecureClientSend(Object sender, byte[] buffer)
{
    try
    {
        //clientSocket.BeginSend(buffer, 0, buffer.Length, 0,
        //    new AsyncCallback(AsyncSendCallback), clientSocket);
        clientSocket.Send(buffer);
    }
    catch (Exception ex)
    {
        Reset();
        SetStatusText("Connection closed");
        AppendToMemo("Connection closed - " + ex.Message);
    }
}
#36971
Posted: 06/10/2016 10:23:09
by Eugene Mayevski (EldoS Corp.)

Quote
Rohith Chinnaswamy wrote:
I took the code as is from the samples.


Could you please tell me what particular example contains asynchronous code?

Quote
Rohith Chinnaswamy wrote:
I changed that to a synchronous send and I still have the same failure.


Please handle OnError event of TElSSLClient and see if anything is reported in its parameters.


Sincerely yours
Eugene Mayevski
#36972
Posted: 06/10/2016 10:28:00
by Rohith Chinnaswamy (Priority Standard support level)
Joined: 06/09/2016
Posts: 16

I took the sample in SSLBlackbox\Desktop\Server\Chat\Client. The OnError event handler is already in place and I am not getting a callback there.

And my .pfx file has everything, the certificate, the sub-CA and the root that signed it. I am not sure if that is causing the problem.