How can I get/inspect the certificate used on SQL Server to encrypt the connection?
I need to retrieve and inspect the certificate, and if possible do some custom validation
This code works for most things, except SQL Server it just times out
var sqlServer = "sqlserver-fqdn";
using (var client = new TcpClient())
{
client.SendTimeout = 10000;
client.ReceiveTimeout = 10000;
await client.ConnectAsync(sqlServer, 1433).ConfigureAwait(false);
using (var stream = client.GetStream())
using (var sslStream = new SslStream(stream, false,
(sender, certificate, chain, policyErrors) =>
{ /* do some validation */ }, null))
{
sslStream.AuthenticateAsClient(sqlServer);
}
}
Throws exception:
System.IO.IOException: Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond..
---> System.Net.Sockets.SocketException (10060): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Setting ServicePointManager.ServerCertificateValidationCallback += CertificateCallBack; has no effect, it's only used for http clients
Related
My project is a simple server which accepts connection requests on port 5123 also my server use a specific certificate.
If the department of computer science makes a connection request to my server and use any certificate allowed by my server, my server will accept that request and everything will be ok
But if the department of information technology makes a connection request to my server and used a different certificate! my server will force close that connection and throw this error A call to SSPI failed, see inner exception.
I made a function DisplayCertificateInformation which gives you certificate information of client. That function works if the client used any certificate allowed by my server. If the client used a different certificate that function will throw this error "A call to SSPI failed, see inner exception."
Also if client used a different cert my server will abort on this line by throwing this error "A call to SSPI failed, see inner exception." and will ignore the rest lines
ServerSslStream.AuthenticateAsServer(certificate, false, SslProtocols.Tls12, false);
My question is how can I get client's cert when the client try to connect to my server, I just want to know which cert did the client use because I want to add an exception for some department's certificate, not all departments
Here is my code
private static void AcceptConnection_SSL(object client)
{
TcpClient inClient = client as TcpClient;
NetworkStream stream = inClient.GetStream();
SslStream ServerSslStream = new SslStream(inClient.GetStream(), false, SslValidationCallback);
// These two lines will throw error if client used different cert
ServerSslStream.AuthenticateAsServer(certificate, false, SslProtocols.Tls12, false);
DisplayCertificateInformation(ServerSslStream);
}
private static Boolean SslValidationCallback(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
{
return true;
}
static void DisplayCertificateInformation(SslStream stream)
{
Console.WriteLine("Certificate revocation list checked: {stream.CheckCertRevocationStatus}");
X509Certificate localCertificate = stream.LocalCertificate;
if (stream.LocalCertificate != null)
{
Console.WriteLine("Local cert was issued to {0} and is valid from {1} until {2}.",
localCertificate.Subject,
localCertificate.GetEffectiveDateString(),
localCertificate.GetExpirationDateString());
}
else
{
Console.WriteLine("Local certificate is null.");
}
// Display the properties of the client's certificate.
X509Certificate remoteCertificate = stream.RemoteCertificate;
if (stream.RemoteCertificate != null)
{
if (remoteCertificate != null)
{
Console.WriteLine(
"Remote cert was issued to {remoteCertificate.Subject} and is valid from {remoteCertificate.GetEffectiveDateString()} until {remoteCertificate.GetExpirationDateString()}.");
}
}
else
{
Console.WriteLine("Remote certificate is null.");
}
}
C#, How to get Client's certificate (acquire a client certificate during the TLS handshake process)
When I try to use proxy in my web socket sharp client it says "An invalid proxy authentication challenge is specified.", even if proxy credentials are correct, if I try to set that proxy as browser proxy it works fine.
What could be the problem?
My code:
static WebSocket socket;
socket = new WebSocket("ws://" + "example.com:8080", "guacamole");
socket.OnClose += OnClose;
socket.OnOpen += OnOpen;
socket.OnMessage += OnMessage;
socket.Compression = CompressionMethod.Deflate;
socket.SetProxy("http://" + "exampleproxy.com:31112", proxyUser, proxyPass);
socket.Connect();
I have setup the following connection factory
var factory = new ConnectionFactory() {
HostName = this.ApplicationConfigurationManager.QueueHostname,
UserName = ...,
Password = ...,
Ssl = new SslOption
{
Enabled = true,
ServerName = this.ApplicationConfigurationManager.QueueHostname,
AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateChainErrors
}
};
The factory endpoint correctly shows as {amqp://localhost:5671}, as 5671 is for SSL, 5672 is for unsecured.
Note that locally I have not yet enabled SSL for RabbitMQ.
What I notice is that when I create a connection:
using (var connection = factory.CreateConnection())
and inspect the remote endpoint, it shows as {[::1]:5672}.
Why? I would expect it to try to connect to 5671 and fail (correctly, as I have not enabled it yet).
Does RabbitMQ ConnectionFactory fallback to 5672 (unsecure) if it finds out that SSL (5671) is not enabled?
I'm making a api service which connects to a SSL TCP server to retrieve data. I first made this api in C# and it works. Later I ported it to node.js to take the advantages of node.js. However I couldn't connect to the server.
Target :
Host : prodtw.lol.garenanow.com
Port : 2099
Code in C# which can connect to the server and works perfectly:
TcpClient client;
try
{
client = new TcpClient("prodtw.lol.garenanow.com", 2099);
Console.WriteLine("Connected to server.");
}
catch
{
Console.WriteLine("Error");
return;
}
SslStream sslStream = new SslStream(client.GetStream(), false, AcceptAllCertificates); //AcceptAllCertificate does nothing, just return true
var ar = sslStream.BeginAuthenticateAsClient("prodtw.lol.garenanow.com", null, null);
using (ar.AsyncWaitHandle)
{
if (ar.AsyncWaitHandle.WaitOne(-1))
sslStream.EndAuthenticateAsClient(ar);
}
// Connected, write something
byte[] handshakePacket = new byte[1537];
sslStream.Write(handshakePacket);
Code in node.js, which couldn't connect to the SSL TCP server :
var tls = require('tls');
console.log('Connecting');
var stream = tls.connect(2099, "prodtw.lol.garenanow.com", function() {
console.log('Successfully connected!'); //Never print this message.
});
After running the above node.js code, it never shows "Successfully connected". It only shows "Connecting" and stucks at tls.connect...
My Code is below:
MySqlConnectionStringBuilder conn_string = new MySqlConnectionStringBuilder();
conn_string.Server = "mysql.***********.com";
conn_string.UserID = "********";
conn_string.Password = "********";
conn_string.Port = 3306;
conn_string.Database = "*********";
var connectionString = conn_string.ToString();
var connection = new MySqlConnection(connectionString);
connection.Open();
The error that I get is System.TimeoutException
Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
The code worked before when I was on a different network, but now that I have changed networks it no longer works and I get a timeout error on the connection.Open(); command.
Any ideas on what is wrong? I know that the database/server and even the computer I'm using has not changed but my network has.