WinHTTP security error

ulrichd · 2018-07-30 13:39:40

First post, so: thanks for the mORMot Framework - great stuff!

Now on to the issue at hand...

Got an odd problem here: I have a server/client application that communicates via SSL secured interface functions. So far, everything has been working great and I have no issue running server and client on two different Windows 10 PCs. However, I just installed my client on Windows 7 and it's giving me the following error:

20180727 20361848  ! debug RequestSync
20180727 20361848  !  +    mORMotHttpClient.TSQLHttpClientWinHTTP(028DDDB0).CallBackGet ols/Timestamp
20180727 20361848  !  +    	mORMotHttpClient.TSQLHttpClientWinHTTP(028DDDB0).InternalURI GET
20180727 20361856  ! EXC   		EWinHTTP ("WinHTTP security error. Status 65536, statusInfo: 16") at 0074FA18 SynCrtSock.TWinHTTP.InternalConnect (10491)  stack trace API 
20180727 20361857  !  -    	00.137.235
20180727 20361857  !  -    00.137.254
20180727 20361857  ! warn  mORMotHttpClient.TSQLHttpClientWinHTTP(028DDDB0) /Timestamp call failed -> Server not available
20180727 20361857  ! info  mORMotHttpClient.TSQLHttpClientWinHTTP(028DDDB0) Destroy ols

How can I find out what exactly the problem is, or where the status/statusinfo values for this error are defined?

I'm suspecting the client on Windows 7 doesn't like something about the certificate of the server, as there's nothing logged about the connection attempt on the server side.

The certificate I'm using on the server side is created on demand during installation (as it has to be customized to the server: SAN field holds host name and IP address). The CA certificate that is used to sign the server certificate was added to the "Local Computer\Trusted Root Certification Authorities" on the client.

BTW: browsing to the MVC web page of the server works fine from Windows 7 (no certificate issues).

Any pointers would be greatly appreciated!

ab · 2018-07-30 16:46:49

You can try to set the THttpRequest.IgnoreSSLCertificateErrors property, which is exactly for such cases.

ulrichd · 2018-07-30 18:42:37

ab wrote:

You can try to set the THttpRequest.IgnoreSSLCertificateErrors property, which is exactly for such cases.

Thanks ab, that makes the error go away.

I can't help wondering though what can of worms I open by setting this property?

Is there no way of finding out what winhttp is bothered by?

ab · 2018-07-30 20:03:25

I guess some deprecated protocol problem: the server doesn't accept some TLS protocols, which are set by Windows Seven.

ulrichd · 2018-07-31 13:28:00

ab wrote:

I guess some deprecated protocol problem: the server doesn't accept some TLS protocols, which are set by Windows Seven.

Hadn't thought of that!

Ok, I'll probably end up adding some code to only set the property if it's running on a system with a know certificate issue.

Thanks for help, much appreciated.

Regards,
Ulrich

mORMot Open Source

#1 2018-07-30 13:39:40

WinHTTP security error

#2 2018-07-30 16:46:49

Re: WinHTTP security error

#3 2018-07-30 18:42:37

Re: WinHTTP security error

#4 2018-07-30 20:03:25

Re: WinHTTP security error

#5 2018-07-31 13:28:00

Re: WinHTTP security error

Board footer