Winsock/RPC/SSL/Transport error: 0x90312 [SEC_I_CONTINUE_NEEDED]
ram
i am using WinHttp 5.0 in our COM Application to communicate to Apache
Webserver, which is running on our customized board(x86 based) with
customized OS(linux).
i use winhttp APIs in asynchronous mode, it works fine most of the
time, but some times HTTP requests are not sent to Server. the winhttp
traces shows "Winsock/RPC/SSL/Transport error: 0x90312
[SEC_I_CONTINUE_NEEDED".
if any one know the solution please let me know
thanks in advance
regards
ramesh
please find the attached logs
11:04:05.671 ::*Session* :: >>>> WinHttp Version 5.0 Build 5.0.2613 Sep
7 2001 04:26:33>>>>Process OVNRouter.exe [992 (0x3e0)] started at
11:04:05.671 03/22/2005
11:04:06.171 ::*Session* :: WinHttpOpen("HttpDriver/1.0", (1), "", "",
0x10000000)
11:04:06.171 ::*Session* :: WinHttpOpen() returning handle 0x14c2000
11:04:06.171 ::*Session* :: WinHttpSetOption(0x14c2000, (84), 0xf3a1d0
[0x8], 4)
11:04:06.171 ::*Session* :: WinHttpSetOption() returning TRUE
11:04:06.171 ::*Session* :: WinHttpSetOption(0x14c2000, (3), 0xf3a1d0
[0x927c0], 4)
11:04:06.171 ::*Session* :: WinHttpSetOption() returning TRUE
11:04:06.171 ::*Session* :: WinHttpSetOption(0x14c2000, (6), 0xf3a1d0
[0x493e0], 4)
11:04:06.171 ::*Session* :: WinHttpSetOption() returning TRUE
11:04:06.187 ::*Session* :: WinHttpConnect(0x14c2000, "199.63.20.204",
443, 0x0)
11:04:06.187 ::*Session* :: WinHttpConnect() returning handle 0x14c8000
11:04:06.187 ::*Session* :: WinHttpOpenRequest(0x14c8000, "POST",
"EPSHTTPServer.nsp", "", "", 0x0, 0x00800000)
11:04:06.187 ::*Session* :: WinHttpCreateUrlA(0xf39fc0, 0x0, 0x14f0000,
0xf39ffc)
11:04:06.187 ::*Session* :: WinHttpCreateUrlA() returning TRUE
11:04:06.187 ::*0000001* :: WinHttpOpenRequest() returning handle
0x14e0000
11:04:06.187 ::*Session* :: WinHttpSetStatusCallback(0x14e0000,
0x4018a7, 0x7e0000)
11:04:06.187 ::*Session* :: WinHttpSetStatusCallback() returning NULL
11:04:06.187 ::*0000001* :: WinHttpSendRequest(0x14e0000, "", 0,
0xf3e1ac, 7668, 7668, 8745b8)
11:04:06.187 ::*0000001* :: WinHttpSendRequest() returning TRUE
11:04:06.578 ::*0000001* :: Winsock/RPC/SSL/Transport error: 0x90312
[SEC_I_CONTINUE_NEEDED]
11:04:06.578 ::*0000001* :: sending data:
11:04:06.578 ::*0000001* :: 45 (0x2d) bytes
11:04:06.578 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
11:04:06.578 ::*0000001* ::
.+....................@......$e.k..Fl....7..c
11:04:06.578 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
11:04:06.578 ::*0000001* :: received data:
11:04:06.578 ::*0000001* :: 706 (0x2c2) bytes
11:04:06.578 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
11:04:06.578 ::*0000001* :: .............0...0......0
..*.H..
.....0..1.0...U....IN1.0...U....karnataka1.0...U....bangalore1.0...U.
11:04:06.578 ::*0000001* :: ..honeywell1
0...U....htsl1.0
..U....xl5ovn1$0"..*.H..
.....support@honeywell.com0..
691231204420Z.
371230204420Z0..1.0...U....IN1.0...U....karnataka1.0...U....bangalore1.0...U.
11:04:06.578 ::*0000001* :: ..honeywell1
0...U....htsl1.0
..U....xl5ovn1$0"..*.H..
.....support@honeywell.com0..0
..*.H..
.........0.........(K..=...|.oo......7."\.....a<./
11:04:06.578 ::*0000001* ::
....BQN...j...k\...@-...F.&)j`.......u..{.?,.../....rD...p....X.....s~yb...fS*&
11:04:06.578 ::*0000001* :: ...1..8)..........0
..*.H..
.........&....>`..x.[`.>..c..J.4.bi.`.....]6..!U.Y. @...=.#.......r~....y..X-.`..@..w.H...5).....&7......x..QXtA....._0IQ+.`..v.B..,..9.............@......b....l=..u..5.%.
11:04:06.578 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
11:04:06.609 ::*0000001* :: sending data:
11:04:06.609 ::*0000001* :: 140 (0x8c) bytes
11:04:06.609 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
11:04:06.609 ::*0000001* ::
............`S.P>f+.....s..m....^.."..n%...T..)A...aa
......N..v.z.8;..... .bm.ww.1..'...`.O.v...x:.k.....).I......}j.....z.K...u.q..
...0^P
11:04:06.609 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
11:04:06.781 ::*0000001* :: received data:
11:04:06.781 ::*0000001* :: 35 (0x23) bytes
11:04:06.781 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
11:04:06.781 ::*0000001* :: .!.G.... i......M........z}....M.].
11:04:06.781 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
11:04:06.781 ::*0000001* :: sending data:
11:04:06.781 ::*0000001* :: 35 (0x23) bytes
11:04:06.781 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
11:04:06.781 ::*0000001* :: .!..s
11:04:06.781 ::*0000001* :: p....\.}J.YS...~.>.H.yG......
11:04:06.781 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
11:04:06.906 ::*0000001* :: received data:
11:04:06.906 ::*0000001* :: 35 (0x23) bytes
11:04:06.906 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
11:04:06.906 ::*0000001* :: .!&........L.7F
.6.+X.b.N..v....gQ
11:04:06.906 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
Patrick Tronnier
The following Perl script generates the "Winsock/RPC/SSL/Transport error:
0x90312 [SEC_I_CONTINUE_NEEDED]" eror message followed by the
"Winsock/RPC/SSL/Transport error: 0x80090325 [?]" error message.
Server: Stronghold/3.0 Apache/1.3.22 RedHat/3021c
Client: Windows 2000 sp4
Any suggestions are appreciated.
Here is the relevent section of the winhttptracecfg log file:
09:16:31.347 ::*Session* :: WinHttpAddRequestHeaders() returning TRUE
09:16:31.347 ::*0000001* :: WinHttpSendRequest(0x61e9000, "", 0, 0x6244f88,
171, 171, 0)
09:16:31.378 ::*0000001* :: "sandboxsmd.iso-ne.com" resolved
09:16:31.659 ::*0000001* :: Winsock/RPC/SSL/Transport error: 0x90312
[SEC_I_CONTINUE_NEEDED]
09:16:31.659 ::*0000001* :: sending data:
09:16:31.659 ::*0000001* :: 62 (0x3e) bytes
09:16:31.659 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
09:16:31.659 ::*0000001* ::
....9...5..B:.....H...i.....A4..._u.n.0oO........d.b.......c..
09:16:31.659 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
09:16:31.831 ::*0000001* :: received data:
09:16:31.831 ::*0000001* :: 1024 (0x400) bytes
09:16:31.831 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
09:16:31.831 ::*0000001* :: ....J...F..B:.....MR.. .=..........,@m.....
...5O...`.H......5_4\.T...x".`.
09:16:31.831 ::*0000001* :: .......!..........0...0..|..........0
..*.H..
.....0N1.0...U....US1.0...U.
09:16:31.831 ::*0000001* :: ..Equifax1-0+..U...$Equifax Secure Certificate
Authority0..
040621160740Z.
050821160740Z0..1.0...U....US1.0...U...
Massachusetts1.0...U....Holyoke1.0...U.
09:16:31.831 ::*0000001* :: ..ISO New England1.0...U....Market
Systems1.0...U....sandboxsmd.iso-ne.com0..0
..*.H..
.........0.........V%....<..F..r.
U...3...qeL...]..o....eB..tc.I.C2u...v...Z..'..[..=......d.V...v(S...2U.B....6
...Lk4Yp.=I\$.F.n..I.k-.Pe.;............0..0...`.H...B.......@0...U...........0...U........._'.....#..ad.F...0:..U...3010/.-.+.)http://crl.geotrust.com/crls/secureca.crl0...U.#..0...H.h.+....G.# .O3....0...U.%..0...+.........+.......0
..*.H..
..................Z..ny...4...j]-D....g[\.J..\6.^.Ekl.e..%......p...52..x...I.{\.|...|Zf..@...).]'32..`|-8..e}...Dw.k:._.*...^.+3...g...)z.....
.........a0_1.0...U....US1.0...U.
09:16:31.831 ::*0000001* :: ..VeriSign, Inc.1705..U....Class 2 Public
Primary Certification Authority..0..1.0...U....US1.0...U.
09:16:31.831 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
09:16:31.831 ::*0000001* :: received data:
09:16:31.831 ::*0000001* :: 263 (0x107) bytes
09:16:31.831 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
09:16:31.831 ::*0000001* ::
09:16:31.831 ::*0000001* :: ..VeriSign, Inc.1<0:..U...3Class 2 Public
Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For
authorized use only1.0...U....VeriSign Trust Network.U0S1.0...U....US1.0...U.
09:16:31.831 ::*0000001* :: ..Equifax Secure Inc.1&0$..U....Equifax Secure
eBusiness CA-1....
09:16:31.831 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
09:16:31.831 ::*0000001* :: sending data:
09:16:31.831 ::*0000001* :: 1069 (0x42d) bytes
09:16:31.831 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
09:16:31.831 ::*0000001* :: ...............0...0..D........(0
..*.H..
.....0K1.0...U....US1.0...U.
09:16:31.831 ::*0000001* :: ..ISO New England Inc.1.0...U....ISO New England
CA 10..
050131220052Z.
060214220052Z0..1.0...U....US1.0...U.
09:16:31.831 ::*0000001* :: ..Split Rock Energy LLC1.0...U....USER ID -
6000242031.0...U....xxxxJaques (12345)1&0$..*.H..
.....xxxxx.jaques@oati.net0..0
..*.H..
.........0.......4..5#..K....9.v1
z..h...T......~...;.a......+..1.g.......'...>.#...
..9.Na:.+. ...-.?$'.Ny..w.. ....]:...|AAd..dz.R
.....xR..R.C........0..0...`.H...B........0...U...........0:..U...3010/.-.+.)http://crl.geotrust.com/crls/isoneca1.crl0...U.#..0...I..tE.......x...My..0
..*.H..
..........
09:16:31.831 ::*0000001* :: e.G.!a..{F..
09:16:31.831 ::*0000001* ::
..hu-XEn..F.!...,6.....*.x4...c.ga....%S.Y...Y.W.D4.....A..Xvx...Q.H.gL.].}.]...T.....Q2z....'........6W.$5.%'..=..........;.I.#.}t}w.../.j.{E........c#_
09:16:31.831 ::*0000001* ::
6.>..Z..7.d..y.mowql.)."..{.o>....B....kO).....C..9U(<.|/.z...Dq.U..
09:16:31.831 ::*0000001* ::
...1]..|.!..:.i7..W..u..............[1....K.q..B.7.IhE.t|H..ur....'...J.*..?u...Q"4...I.:..
?9.#........".3U..x['......\...&..E.......|,L......; ..6...){..OG..g..........(JV.*..b.By..q.Du.......VCm....i..o.L3...
09:16:31.831 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
09:16:32.019 ::*0000001* :: received data:
09:16:32.019 ::*0000001* :: 7 (0x7) bytes
09:16:32.019 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
09:16:32.019 ::*0000001* :: ......0
09:16:32.019 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
09:16:32.019 ::*0000001* :: Winsock/RPC/SSL/Transport error: 0x80090325 [?]
09:16:32.019 ::*0000001* :: WinHttpSendRequest: error -2146893019 [0x80090325]
09:16:32.019 ::*0000001* :: WinHttpSendRequest() returning FALSE
09:16:32.019 ::*0000001* :: WinHttpQueryHeaders(0x61e9000, (0x16),
"<null>", 0x0, 0x140fba8 [0], 0x0 [0])
09:16:32.019 ::*0000001* :: WinHttpQueryHeaders() returning FALSE
09:16:32.019 ::*0000001* :: WinHttpQueryHeaders(0x61e9000, (0x16),
"<null>", 0x6245558, 0x140fba8 [6], 0x0 [0])
09:16:32.019 ::*0000001* :: WinHttpQueryHeaders() returning TRUE
09:16:32.019 ::*0000001* :: WinHttpCloseHandle(0x61e9000)
09:16:32.019 ::*0000001* :: WinHttpCloseHandle() returning TRUE
09:16:32.019 ::*Session* :: WinHttpCloseHandle(0x61e8000)
09:16:32.034 ::*Session* :: WinHttpCloseHandle() returning TRUE
09:16:32.034 ::*Session* :: WinHttpCloseHandle(0x61e4000)
Here is the Perl Script:
#==========================================
# This script uses the COM (OLE) extension to access the HttpRequest
# COM application and execute methods to check for response
#==========================================
use Win32::OLE;
#-----------------------------------------------------------------------
# Create the array argument for object creation in server = IP Address
# and for object ID = Program ID
#----------------------------------------------------------------------
@classID = ('GDI5', "HttpRequest.HttpReq.1");
#--------------------------------------------------------------------
# Create the COM object (will start server if not already started)
#--------------------------------------------------------------------
$httpReq = new Win32::OLE(\@classID);
#------------------------------------------------------------------
# If got hold of interface execute the ping method to check object
#------------------------------------------------------------------
if (defined $httpReq)
{
#------------------------------
# First open the connection
#------------------------------
$httpReq->DebugFile("e:\\webRTO\\log\\shttprequest.log");
$httpReq->Open("POST",
"https://sandboxsmd.iso-ne.com/mkt/private/XmlRequest");
#---------------------
# Set some headers
#---------------------
$httpReq->SetRequestHeader("Context-Type", "text/*");
$httpReq->SetRequestHeader("User-Agent", "Mozilla/4.0 (compatible;
OATI)");
#-----------------------------------------------
# Set the connection timeout for good measure
#-----------------------------------------------
$httpReq->SetConnectionTimeout(60000);
#-------------------------------
# Process certificate issues
#-------------------------------
$httpReq->SetClientCertificate("\\\\WEBMINEDEVDB01\\apps\\certs\\ISONE\\ADMN\\xxxx.pfx", "xxxxx Jaques (12345)", "sre");
#----------------------
# Send the request
#----------------------
my $messageText = qq(
<?xml version="1.0" encoding="UTF-8"?>
<XMLQUERY>
<DEMANDBYPARTICIPANT_REQUEST>
<DAY>20050306</DAY>
</DEMANDBYPARTICIPANT_REQUEST>
</XMLQUERY>
);
$response = $httpReq->Send($messageText);
print "DATA: \n$response\n";
#----------------------
# Get the headers
#----------------------
$headers = $httpReq->GetHttpHeaders();
print "HEADERS: \n$headers\n";
#-------------------------
# Close the connection
#-------------------------
$httpReq->Close();
}
==========================================
Biao Wang [MSFT]
SEC_I_CONTINUE_NEEDED is a infomational "error" indicating the SSL handshake
is in progress with the server. The real issue is 0x80090325 which maps to
SEC_E_UNTRUSTED_ROOT, a error reported from the Windows 2000 crypto api.
This error means the crypto system can not validate the authenticity of the
server certificate due to the certificate for the root CA (the Certificate
Authority that issued and signed the server certificate) not being available
from the client machine.
You can verify whether that was the case by using a browser and navigate to
https://sandboxsmd.iso-ne.com; If the browser reports the same error, that
means the root cert is indeed not installed.
To address the problem, simply import and install the server certificate
into the client machine.
Hope this helps,
Biao.W. [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Patrick Tronnier" <Patrick...@discussions.microsoft.com> wrote in
message news:B682C569-6CF1-4E5D...@microsoft.com...
Patrick Tronnier
Your solution of "simply import and install the server certificate into the
client machine" I belive will work. However, this has to be done in my code
as my IT dept. has refused to add this to their build steps. Also, the site
https://sandboxsmd.iso-ne.com requires cient certificates.
Here is the cert chains:
Server: sandboxsmd.iso-ne.com > issued by> Equifax Secure Certificate
Authority
Client: Leonard Jaques (50702) > issued by> ISO New England CA 1> > issued
by> Equifax Secure eBusiness CA-1
In my code I am opening up temporary certificate stores to store both the
client and server cert chains. Then use the stored certs to validate the
chain.
Is there sample code (preferably C++) somewhere which demonstrates how to do
this (i.e. cert downloading and chain checking using temporary cert stores)?
Thanks Patrick
Patrick Tronnier
Information Access extension. Thus each cert has to be installed to a
temporary cert store from a file located on a network share.