2

I am trying to create an XML document from an https web request, but I am having trouble getting it to work when the site has an invalid certificate. I want my application to not care about the certificate, I want it to live it's life on the edge without fear!

Here is the initial code I had, which I have used before may times to get what I want from a standard http (non SSL) request:

XmlDocument xml = new XmlDocument();
XmlTextReader reader = new XmlTextReader("https://www.example.com");
xml.Load(reader);

With the site having an invalid SSL certificate I am now getting the following error:

The request was aborted: Could not create SSL/TLS secure channel.

Now I have done my Google-ing and tried a number of promising solutions but it seems to be of no help.

One I tried here on SO looked good but didn't seem to work, I added the 'accepted answer' line of code directly before my code above as it wasn't too clear as where it should go.

In case it makes any difference, my code is in a class library and I am testing via a console app. I am also using .Net 4.

Here is my latest attempt (which does not work):

XmlDocument xml = new XmlDocument();

ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback((s, ce, ch, ssl) => true);

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(urlCommand);
request.Credentials = CredentialCache.DefaultCredentials;

using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
    using (Stream receiveStream = response.GetResponseStream())
    {
        XmlTextReader reader = new XmlTextReader(receiveStream);
        xml.Load(reader);
    }
}
Community
  • 1
  • 1
musefan
  • 47,875
  • 21
  • 135
  • 185
  • Just thinking out loud: I'm confused about the `+=`. Does changing it to an `=` do anything for you? – skrebbel Jul 13 '12 at 11:59
  • @skrebbel: compiles fine but same run-time error – musefan Jul 13 '12 at 12:00
  • @skrebbel: dont worry, sorted ;-) – musefan Jul 13 '12 at 12:04
  • Why? If you don't want it to be secure, why are you using HTTPS at all? – user207421 Jul 13 '12 at 12:34
  • 1
    @EJP - sometimes you simply can't choose. There's plenty of service providers who provide an API to some partners which is not as well made as it should. Often, this includes only offering it over HTTPS, but with a self-signed certificate. While on the business field a push should be made to make these organisations fix their certificate issues, it might still be worthwhile to continue developing the client for testing and demonstration purposes - and maybe even a pilot. – skrebbel Jul 13 '12 at 13:49

3 Answers3

2

OK so I have found the solution. We had opted to try and disable the SSL on the server for testing and noticed it was using SSL 3. After another Google search I found some additional code to fix the issue (important to set the SecurityProtocolType):

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback((s, ce, ch, ssl) => true);

XmlDocument xml = new XmlDocument();
XmlTextReader reader = new XmlTextReader(urlCommand);
xml.Load(reader);
musefan
  • 47,875
  • 21
  • 135
  • 185
  • If it's your own server though, then EJP's comment on your question makes more sense - why do HTTPS if it isn't really secure anyway? :-) – skrebbel Jul 13 '12 at 13:50
  • @skrebbel: But it is secure, invalid certificate or not, using ssl encrypts the connection either way so there is always that benefit – musefan Jul 13 '12 at 14:11
0

Hm, maybe the XmlTextReader uses a different way of accessing the HTTPS.

Try making the web request with a HttpWebRequest, and pass response.GetResponseStream() to the XML text reader (and leave the ServicePointManager.ServerCertificateValidationCallback override where you had it)

skrebbel
  • 9,841
  • 6
  • 35
  • 34
0

Reason for this error:

You are not using valid client certificate on your website.

You could try below:

  • For quick turn around you could try access the URL with http://_____ * - it's not recommended but for testing you could try.*

  • You are not using valid client certificate hence, you could write something like below:

    • Add this line where you are requesting to download XML or making some http request.

    //Add Mock certificate validation

    ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(OnValidationCallback);

  • Add below as a global method:

    public static bool OnValidationCallback(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors) { return true; }

Nagaraj solanki
  • 1
  • Your suggested solution is already present in the question, which clearly states it does not solve the problem. – musefan Jun 18 '21 at 13:50
  • I always tried with above code and it worked on most of the scenarios. In my code the difference is OnValidationCallback method is declared globally and which adds required namespaces for ceriticate validation. I see in your scenario Ssl3 was playing up. Rhanks for notifying on this. – Nagaraj solanki Jun 21 '21 at 02:18