Problem with MSSOAP over SSL to a non-MS webservice

John Moore

unread,

Sep 14, 2004, 1:21:03 AM9/14/04

to

We are trying to get MSSOAP 3.0 to talk with a BEA Weblogic 8.1 webservice
using SSL with Client Certificate Authentication. So far all of our attempts
have failed.

We have read all of the documents on the MS website to do with SOAP and
webservices, as well as a good many non-MS discussion group posts.

We are aware of the following restrictions:
1. WSDL cannot be loaded from the SSL URL (we manually load it locally, if
we use the high-level APIs, or dont use it at all in our low-level API test
program)
2. SSL must be on the default port 443
3. Client cert must be accessible to MSSOAP (we test this using the
winhttpcertcfg.exe utility and also the privkey.vbp test program in the MS
CAPICOM samples, which gives more information on the cert store attributes)
4. Client cert is valid (we check it via IE6 and mmc BUT see note below)
5. Server side cert must be trusted by client MSSOAP (initally it wasnt, but
the error message was fairly easy to understand)
6. Server side cert name must match the machine name in the URL

Note 1:
All of our Digital Certs are test ones that we generated ourselves using
OpenSSL. We eventually generated then to have similiar attributes to known
3rd party certs. However, our first attempts showed how touchy these
attributes can be. The test ones we have now seem to be accepted by Weblogic
and IE for browser-based SSL sessions. We have not yet ruled out some
idiosyncrasy between the test certs and MSSOAP.
End Note 1

IE6 can access the Weblogic site and, after asking for the client
certificate, does display a HTML page.

Also, a BEA Weblogic Java webservice client, running on a PC can
successfully make a call over SSL with client authentication.

We thus believe that the webserver is correctly configured for SSL and
Client Authentication.

We have traced the SSL protocol using winhttptracecfg.exe and a variety of
TCP/IP sniffers on the client, and protocol tracing on the server. Most of
the initial SSL protocol is not encrypted. It is only after the initial
handshaking that it becomes encrypted, and thus more difficult to understand.
We have compared the traces of MSSOAPs messages with the succesful Java
messages.

We have tried using both winhttp.dll (ver 5.1) and wininet.dll as
connectors. (wininet.dll doesnt seam to have a tracing facility that we could
find?).

We have tried both MSSOAP.dll v3.0 and MSOSOAP.dll V3.0.

We have tried the test program against an Apache reverse proxy server which
is configured for SSL and Client Authentication (and then passes the soap
message through to a non-SSL Weblogic copy of the server application,
although it never gets that far). It seems to get further, ie we see a HTTP
POST get sent, but then fails - but that is another story for another
discussion.

So we are open to suggestions, especially from the MS people who seem to
monitor this discussion group and comment sometimes.

Our thoughts are that either
a. MSSOAP or winhttp have some undocumented rule about something in our
client certificate.
b. MSSOAP or winhttp do not like the Weblogic SSL protocol sequence (a
TCP/IP trace of the Weblogic SSL sequence seems very different compared with
a trace of an Apache sequence)

Lots of details follow:

========================================================================
Here is the VBA source of out low-level API test program, using a reference
to winhttp.dll as the HttpConnector30 object:

========================================================================

Option Explicit
Private Const END_POINT_URL = "https://axa14webserv/web_services/wsTTL10?WSDL"
Private Const CALC_NS = "wjava:ats.ttl"

Public Function Execute() As String

Dim Method As String
Dim a As String
Dim b As String
Dim Serializer As SoapSerializer30
Dim Reader As SoapReader30
Dim Connector As ISoapConnector

On Error GoTo printerr

a = "50002800"
b = "contbxm"
Method = "getTitleDetailsComplexList"
Set Connector = New HttpConnector30
Connector.Property("EndPointURL") = END_POINT_URL
Connector.Property("SSLClientCertificateName") = "axa14title3"
Connector.Connect

Connector.Property("SoapAction") = "wsTTL10"
Connector.BeginMessage

Set Serializer = New SoapSerializer30
Serializer.Init Connector.InputStream

Serializer.StartEnvelope
Serializer.StartBody
Serializer.startElement Method, CALC_NS, , "m"
Serializer.startElement "string"
Serializer.WriteString a
Serializer.endElement
Serializer.startElement "string0"
Serializer.WriteString b
Serializer.endElement
Serializer.endElement
Serializer.EndBody
Serializer.EndEnvelope

Connector.EndMessage

Set Reader = New SoapReader30
Reader.Load Connector.OutputStream

If Not Reader.Fault Is Nothing Then
MsgBox Reader.FaultString.Text, vbExclamation
Else
Execute = Reader.RpcResult.Text
End If

printerr:

Debug.Print Err.Description

End Function

=======================================================================
Here is the debug output of this test program:

=======================================================================

?execute()
Connector:Bad certificate. HRESULT=0x800A1529 - Connector:Unspecified HTTP
error. HRESULT=0x800A1518

=======================================================================
Here is the winhttp trace of this test program:

=======================================================================

14:27:28.707 ::*Session* :: >>>> WinHttp Version 5.1 Build 5.1.2600 Aug 28
2002 22:53:18>>>>Process EXCEL.EXE [2968 (0xb98)] started at 14:27:28.707
09/14/2004
14:27:28.707 ::*Session* ::
WinHttpCrackUrl("https://axa14webserv/web_services/wsTTL10?WSDL", 0x0, 0x0,
0x13f4b8)
14:27:28.707 ::*Session* ::
WinHttpCrackUrlA("https://axa14webserv/web_services/wsTTL10?WSDL", 0x2e, 0x0,
0x13f3f8)
14:27:28.707 ::*Session* :: WinHttpCrackUrlA() returning TRUE
14:27:28.707 ::*Session* :: WinHttpCrackUrl() returning TRUE
14:27:28.707 ::*Session* :: WinHttpOpen("SOAP Toolkit 3.0", (1), "", "", 0x0)
14:27:28.754 ::*Session* :: WinHttpOpen() returning handle 0x59a4000
14:27:28.754 ::*Session* :: WinHttpSetOption(0x59a4000, (45), 0x13f590
[0x47014c4], 4)
14:27:28.754 ::*Session* :: WinHttpSetOption() returning TRUE
14:27:28.754 ::*Session* :: WinHttpSetStatusCallback(0x59a4000, 0x5824037,
0x10000)
14:27:28.754 ::*Session* :: WinHttpSetStatusCallback() returning NULL
14:27:28.754 ::*Session* :: WinHttpConnect(0x59a4000, "axa14webserv", 443,
0x0)
14:27:28.754 ::*Session* :: WinHttpConnect() returning handle 0x59a8000
14:27:28.754 ::*Session* :: WinHttpOpenRequest(0x59a8000, "POST",
"/web_services/wsTTL10?WSDL", "HTTP/1.1", "", 0x0, 0x00800100)
14:27:28.864 ::*Session* :: WinHttpCreateUrlA(0x13f3e0, 0x0, 0x5b40000,
0x13f41c)
14:27:28.864 ::*Session* :: WinHttpCreateUrlA() returning TRUE
14:27:28.864 ::*0000001* :: WinHttpOpenRequest() returning handle 0x59aa000
14:27:28.864 ::*Session* :: WinHttpSetTimeouts(0x59aa000, 0, 0, 0, 30000)
14:27:28.864 ::*Session* :: WinHttpSetTimeouts() returning TRUE
14:27:28.864 ::*0000001* :: WinHttpSetOption(0x59aa000, (77), 0x13f5a8
[0x1], 4)
14:27:28.864 ::*0000001* :: WinHttpSetOption() returning TRUE
14:27:28.879 ::*Session* :: WinHttpAddRequestHeaders(0x59aa000, "SOAPAction:
"wsTTL10"\r\n", -1, 0x20000000)
14:27:28.879 ::*Session* :: WinHttpAddRequestHeaders() returning TRUE
14:27:28.879 ::*Session* :: WinHttpAddRequestHeaders(0x59aa000,
"Content-Type: text/xml; charset="UTF-8"\r\n", -1, 0x20000000)
14:27:28.879 ::*Session* :: WinHttpAddRequestHeaders() returning TRUE
14:27:28.879 ::*0000001* :: WinHttpSendRequest(0x59aa000, "", 0, 0x0, 0,
487, 0)
14:27:28.957 ::*0000001* :: "axa14webserv" resolved
14:27:29.020 ::*0000001* :: Winsock/RPC/SSL/Transport error: 0x90312
[SEC_I_CONTINUE_NEEDED]
14:27:29.020 ::*0000001* :: sending data:
14:27:29.020 ::*0000001* :: 70 (0x46) bytes
14:27:29.020 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
{data deleted by John Moore - it was an SSL Client Hello}
14:27:29.020 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
14:27:29.051 ::*0000001* :: received data:
14:27:29.051 ::*0000001* :: 1024 (0x400) bytes
14:27:29.051 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
{data deleted by John Moore - it was an SSL "Server Hello; Server Cert;
Client cert request; Server Done" sequence}
14:27:29.051 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
14:27:29.067 ::*0000001* :: received data:
14:27:29.067 ::*0000001* :: 853 (0x355) bytes
14:27:29.067 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
{data deleted by John Moore - it was continuation of the last message}
14:27:29.067 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
14:27:29.067 ::*0000001* :: received data:
14:27:29.067 ::*0000001* :: 285 (0x11d) bytes
14:27:29.067 ::*0000001* :: <<<<-------- HTTP stream follows below
----------------------------------------------->>>>
{data deleted by John Moore - it was continuation of the last message}
14:27:29.067 ::*0000001* :: <<<<-------- End
----------------------------------------------->>>>
14:27:29.098 ::*0000001* :: WinHttpSendRequest: error 12044
[ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED]
14:27:29.098 ::*0000001* :: WinHttpSendRequest() returning FALSE
14:27:29.098 ::*0000001* :: WinHttpReceiveResponse(0x59aa000, 0x0)
14:27:29.098 ::*0000001* :: WinHttpReceiveResponse: error 12017
[ERROR_WINHTTP_OPERATION_CANCELLED]
14:27:29.098 ::*0000001* :: WinHttpReceiveResponse() returning FALSE
14:27:29.129 ::*0000001* :: WinHttpCloseHandle(0x59aa000)
14:27:29.129 ::*0000001* :: WinHttpCloseHandle() returning TRUE
14:27:29.129 ::*Session* :: WinHttpCloseHandle(0x59a8000)
14:27:29.129 ::*Session* :: WinHttpCloseHandle() returning TRUE
14:27:29.129 ::*Session* :: WinHttpCloseHandle(0x59a4000)
14:27:29.129 ::*Session* :: WinHttpCloseHandle() returning TRUE

=======================================================================
Here is our test client cert (the test CA cert that signed this cert is not
included here, but we do have it in our cert store):

=======================================================================

--
Ta, John

Engels Rajangam

unread,

Sep 16, 2004, 12:42:04 PM9/16/04

to

Please check the following.
1. If you view the client certificate the default tab should have "You have
a private key that corresponds to this certificate"
2. The SSLClientCertifcateName property has to be set with the full path.
For example it may be "CURRENT_USER\MY\MyCert" if the certificate is in
the logged on user's personal store. It has to be
"LOCAL_MACHINE\MY\MyCert". The MyCert is the "subject name" property's
"Common Name" (CN) value of the client certificate. Please note
CURRENT_USER, LOCAL_MACHINE, MY and Common Name are all case sensitive.
3. Make sure that you have only one certificate with the subject name you
are providing here, in the certificate store. If you have multiple
certificates with the same subject name, the certificate you want to use
should be at the top.
4. You can also run the following simple VBScript (test.vbs) for the
endpoint URL and check if you are able to do a simple GET on that using
WinHttp. The following is for using a client certificate from the logged on
user's personal store.

Dim req
Set req = CreateObject("Winhttp.WinhttpRequest.5.1")
req.Open "GET", "https://servername/path/endpointurl.asp", false
req.SetClientCertificate "CURRENT_USER\MY\MyCert"
req.Send
Wscript.Echo req.ResponseText

5. Confirm that the server SSL certificate is of version SSL 3.0. SOAP
toolkit uses WinHttp which by default works with SSL 3.0 only.

Hope that helps,
Engels Rajangam
Microsoft Developer Support - Internet

Please do not send email directly to this alias. This is our online account
name for newsgroup participation only.

This posting is provided “AS IS” with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.
--------------------
| >>Thread-Topic: Problem with MSSOAP over SSL to a non-MS webservice
| >>thread-index: AcSaGqEfUhaML6+dQJaSA4TtsRQxcA==
| >>X-WBNR-Posting-Host: 61.88.57.1
| >>From: "=?Utf-8?B?Sm9obiBNb29yZQ==?="
<John...@discussions.microsoft.com>
| >>Subject: Problem with MSSOAP over SSL to a non-MS webservice
| >>Date: Mon, 13 Sep 2004 22:21:03 -0700
| >>Lines: 263
| >>Message-ID: <5558D624-9928-4752...@microsoft.com>
| >>MIME-Version: 1.0
| >>Content-Type: text/plain;
| >> charset="Utf-8"
| >>Content-Transfer-Encoding: 7bit
| >>X-Newsreader: Microsoft CDO for Windows 2000
| >>Content-Class: urn:content-classes:message
| >>Importance: normal
| >>Priority: normal
| >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| >>Newsgroups: microsoft.public.xml.soap
| >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
| >>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA03.phx.gbl
| >>Xref: cpmsftngxa06.phx.gbl microsoft.public.xml.soap:6959
| >>X-Tomcat-NG: microsoft.public.xml.soap

John Moore

unread,

Sep 22, 2004, 1:39:02 AM9/22/04

to

Thanks for replying to this note. I have been on holidays since your reply,
so sorry for the slow turn-around.

Answers to your checklist:
1. Yes
2. Have tried with and without full path. I was aware that path was
case-sensitive but cannot guarantee that I always got it right. I will check
again.
3. I have multiple certs, but all have different CNs.
4. I have copy/pasted your script and it runs in one-way SSL. I have to wait
for my Weblogic expert to get back from holidays to re-configure the
webserver into 2-way SSL again before I can test it. Will let you know the
results in the next day or two.
5. I have seen this statement before - that "winhttp (and thus MSSOAP) use
SSL 3.0 by default". This is not what I am seeing. When I trace the SSL
protocol (using EtherReal and others), I see that the client sends a SSL
"Client Hello" message with a SSL version of 3.1, which is TLS 1.0, not SSL
3.0. I am not setting anything in winhttp to say "use TLS 1.0". Your test.vbs
script even uses TLS 1.0. This is fine because the server is configured to
use either TLS 1.0 or SSL 3.0.

Further info:
1. We have done some more testing against an Aventail Proxy Server (which
uses Apache webserver and modSSL inside). We believe that it is not adhering
to the SSL 3.0 or TLS 1.0 protocols properly and have logged a call with
them for further clarification.
2. I have written an even lower level test program that uses calls to the
winhttprequest object. Etherreal traces and winhttp traces reveal that
winhttp is not handling the webservers SSL "CertificateRequest" message
properly. Instead of getting the certificate from the certificate store and
sending it to the server and then resending the data message, it is just
failing with a "[ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED]" error (which later
gets translated into the "Connector:Bad certificate" user level error
message). I would love to know exactly what checks winhttp does internally
just before splitting out that particular error status. Maybe that would
allow us to concentrate our trial-and-error testing in one spot.

Will post more in a day or two.

Thanks, John

John Moore

unread,

Sep 24, 2004, 2:17:02 AM9/24/04

to

OK, some more info:

Question 4 (below):

I have run your VBS and it works fine against the Weblogic configured for
SSL and Client Cert required.

My low level test program that uses winhttpRequest also works.

So, that means that the issue is NOT in the winhttp C/C++ API, NOT in
accessing the certificate store, NOT in the certificate itself, NOT in the
SSL protocol used by Weblogic.

Both of these test programs use the winhttpRequest object from winhttp.dll

Our belief now is that the base level winhttp api returns an error
"[ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED]" whenever the server requests a
client cert. It is then up to the calling routine to call :
WinHttpSetOption(handle,
WINHTTP_OPTION_CLIENT_CERT_CONTEXT,"CURRENT_USER\MY\MyCert", len)
and then resend the failed message.

Internet Explorer does this correctly
winhttpRequest (in winhttp.dll) does this correctly
winhttpConnector30 (in WHSC30.dll) does NOT do this correctly
wininetConnector30 (in WISC30.dll) does NOT do this correctly
httpConnector30 (in MSSOAP30.dll) does NOT do this correctly

So, unless there is some undocumented restriction, we believe there may be a
bug in these last three libraries.

ta john

Engels Rajangam

unread,

Sep 24, 2004, 3:28:11 PM9/24/04

to

Since the WinHttpRequest from the script works, I agree with you that the
SSL server/client certficates and the server end seem to be okay. Can you
please take a winhttp trace for the success and failure cases and post?

The following seems to be the default behaviour by WinHttp with SSL. "The
TLS 1.0 and SSL 3.0 security protocols are considered more secure than SSL
2.0. By default, WinHTTP requests TLS 1.0 or SSL 3.0 when negotiating an
SSL connection, not SSL
2.0."(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winht
tp/http/winhttp_security_considerations.asp).

Hope that helps,
Engels Rajangam
Microsoft Developer Support - Internet

Please do not send email directly to this alias. This is our online account
name for newsgroup participation only.

This posting is provided “AS IS” with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.

--------------------
| >>Thread-Topic: Problem with MSSOAP over SSL to a non-MS webservice

| >>thread-index: AcSh/htjYumgbrj3RTmbCaxu9HKLQw==

| >>X-WBNR-Posting-Host: 61.88.57.1
| >>From: "=?Utf-8?B?Sm9obiBNb29yZQ==?="
<John...@discussions.microsoft.com>

| >>References: <5558D624-9928-4752...@microsoft.com>
<eaFlcwAn...@cpmsftngxa06.phx.gbl>
<522A4BEB-41BA-497A...@microsoft.com>
| >>Subject: RE: Problem with MSSOAP over SSL to a non-MS webservice
| >>Date: Thu, 23 Sep 2004 23:17:02 -0700
| >>Lines: 448
| >>Message-ID: <8B9B1DF9-ECA2-4DBD...@microsoft.com>

| >>MIME-Version: 1.0
| >>Content-Type: text/plain;
| >> charset="Utf-8"

| >>Content-Transfer-Encoding: 8bit

| >>Xref: cpmsftngxa06.phx.gbl microsoft.public.xml.soap:7001
| >>X-Tomcat-NG: microsoft.public.xml.soap

John Moore

unread,

Sep 27, 2004, 2:13:02 AM9/27/04

to

This will be long, but here it goes:

=============================aaareadme.txt==================================================================================
This directory contains seven files:

1_VBScript.vbs

The first test program using VB Script and winhttpRequest, which came from
Engels Rajangam. It works.

1_VBScript_t-WScript.exe-15.04.33.577.009-27.2004.1904.LOG

The winhttp trace file for the the first test program. (A lot of the data
has been removed to make it more readable).

2_VBA_winhttp.txt

The second test program using VBA (run from within Excel 2003) and
winhttpRequest (winhttp.dll). It also works.

2_VBA_winhttp_t-EXCEL.EXE-13.05.21.824.009-27.2004.1980.LOG

The winhttp trace file for the the second test program. (A lot of the data
has been removed to make it more readable).

3_VBA_Soap_Toolkit_3.txt

The third test program using VBA and MSSOAP Toolkit 3.0 (MSSOAP30.dll). It
does not work.

3_VBA_Soap_Toolkit_3_t-EXCEL.EXE-13.05.21.824.009-27.2004.1980.LOG

The winhttp trace file for the the third test program. (A lot of the data
has been removed to make it more readable).

aaareadme.txt

This readme file.

Please note the position of the following call in each of the trace files:

WinHttpSetOption(0x?????, (47), 0x????? [0x1], 20)

which is the call to winhttp api (ie
WinHttpSetOption(handle,WINHTTP_OPTION_CLIENT_CERT_CONTEXT,"CURRENT_USER\MY\MyCert", len) )
to tell it which certificate should be used.

In particular, this call is missing from the trace of the third test program
and nothing I do can force MSSOAP to call it.

ta john

============================================================================================================================
=============================1_VBScript.vbs=================================================================================

Dim req
Set req = CreateObject("Winhttp.WinhttpRequest.5.1")

req.Open "GET", "https://axa14webserv/web_services/wsTTL10?WSDL", false
req.SetClientCertificate "CURRENT_USER\MY\axa14title3"
req.Send
Wscript.Echo req.ResponseText
============================================================================================================================
=============================1_VBScript_t-WScript.exe-15.04.33.577.009-27.2004.1904.LOG=====================================
>>>> WinHttp Version 5.1 Build 5.1.2600 Aug 28 2002 22:53:18>>>>Process WScript.exe [1904 (0x770)] started at 15:04:33.577 09/27/2004
IWinHttpRequest::Open(method: "GET", url:
"https://axa14webserv/web_services/wsTTL10?WSDL", async: 0)
WinHttpOpen("Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)",
(0), "", "", 0x0)
WinHttpOpen() returning handle 0x13b7000
WinHttpSetOption(0x13b7000, (79), 0x12ea38 [0x2], 4)
WinHttpSetOption() returning TRUE
WinHttpSetOption(0x13b7000, (68), 0x13b4080 [0xfde9], 4)
WinHttpSetOption() returning TRUE
WinHttpSetOption(0x13b7000, (84), 0x13b40a8 [0xa0], 4)
WinHttpSetOption() returning TRUE
WinHttpSetOption(0x13b7000, (88), 0x13b40bc [0x1], 4)
WinHttpSetOption() returning TRUE
WinHttpSetOption(0x13b7000, (83), 0x13b40c0 [0x20000000], 4)
WinHttpSetOption() returning TRUE

WinHttpCrackUrl("https://axa14webserv/web_services/wsTTL10?WSDL", 0x0, 0x0,

0x12e9dc)

WinHttpCrackUrlA("https://axa14webserv/web_services/wsTTL10?WSDL", 0x2e,

0x0, 0x12e91c)
WinHttpCrackUrlA() returning TRUE
WinHttpCrackUrl() returning TRUE
WinHttpConnect(0x13b7000, "axa14webserv", 443, 0x0)
WinHttpConnect() returning handle 0x13b40e0
WinHttpOpenRequest(0x13b40e0, "GET", "/web_services/wsTTL10?WSDL", "", "",
0x0, 0x00800080)
WinHttpCreateUrlA(0x12e828, 0x0, 0x1420000, 0x12e864)
WinHttpCreateUrlA() returning TRUE
WinHttpOpenRequest() returning handle 0x13bd000
WinHttpSetOption(0x13bd000, (77), 0x13b40b8 [0x0], 4)
WinHttpSetOption() returning TRUE
IWinHttpRequest::Open() returning 0 [ERROR_SUCCESS]
WinHttpSetOption(0x13bd000, (47), 0x167918 [0x1], 20)
WinHttpSetOption() returning TRUE
IWinHttpRequest::Send(VARIANT varBody)
WinHttpSetStatusCallback(0x13bd000, 0x760b0056, 0x10000)
WinHttpSetStatusCallback() returning NULL
WinHttpSendRequest(0x13bd000, "", 0, 0x0, 0, 0, 13b4000)
"axa14webserv" resolved
Winsock/RPC/SSL/Transport error: 0x90312 [SEC_I_CONTINUE_NEEDED]
sending data:
70 (0x46) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

....A...=..AW.a._.t?..E... C.%.1|.{....C-{.........
...d.b.........c..
<<<<-------- End ----------------------------------------------->>>>
received data:
1024 (0x400) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
853 (0x355) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
285 (0x11d) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
sending data:
702 (0x2be) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
51 (0x33) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

..........(.J.....uw..g.M......4.l.ju_.k0..c..~.kh7
<<<<-------- End ----------------------------------------------->>>>
sending data:
171 (0xab) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

GET /web_services/wsTTL10?WSDL HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: axa14webserv
Connection: Keep-Alive

<<<<-------- End ----------------------------------------------->>>>
WinHttpSendRequest() returning TRUE
WinHttpReceiveResponse(0x13bd000, 0x0)
received data:
141 (0x8d) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
108 (0x6c) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

HTTP/1.1 200 OK
Date: Mon, 27 Sep 2004 05:04:34 GMT
Content-Type: text/xml
Transfer-Encoding: Chunked

<<<<-------- End ----------------------------------------------->>>>
WinHttpReceiveResponse() returning TRUE
WinHttpQueryHeaders(0x13bd000, (0xffff), "Content-Type", 0x1431000,
0x12e9b8 [64], 0x0 [0])
WinHttpQueryHeaders() returning TRUE
WinHttpQueryDataAvailable(0x13bd000, 0x12e9f4, 0x13b4094)
received data:
1500 (0x5dc) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
2609 (0xa31) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
4080 (0xff0) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of XML data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
WinHttpQueryDataAvailable() returning TRUE
WinHttpReadData(0x13bd000, 0x1594000, 4072, 0x12ea00)
WinHttpReadData() returning TRUE
WinHttpQueryDataAvailable(0x13bd000, 0x12e9f4, 0x13b4094)
received data:
4109 (0x100d) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
4080 (0xff0) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of XML data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
{the previous 14 lines are repeated 4 or 5 times - John Moore}
received data:
37 (0x25) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

.... 5 ....>y.....DE?+uF.!...>..WH...
<<<<-------- End ----------------------------------------------->>>>
received data:
8 (0x8) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

0000

<<<<-------- End ----------------------------------------------->>>>
WinHttpQueryDataAvailable() returning TRUE
WinHttpReadData(0x13bd000, 0x1594000, 0, 0x12ea00)
WinHttpReadData() returning TRUE
IWinHttpRequest::Send() returning 0 [ERROR_SUCCESS]
WinHttpCloseHandle(0x13bd000)
WinHttpCloseHandle() returning TRUE
WinHttpCloseHandle(0x13b40e0)
WinHttpCloseHandle() returning TRUE
WinHttpCloseHandle(0x13b7000)
WinHttpCloseHandle() returning TRUE

============================================================================================================================
=============================2_VBA_winhttp.txt==============================================================================

Public Function tstwinhttp() As String
Dim wcon As New WinHttpRequest
Dim ret As Variant

On Error GoTo nowend

wcon.Option(WinHttpRequestOption_SelectCertificate) =
"CURRENT_USER\MY\axa14title3"
Call wcon.Open("POST", "https://axa14webserv/web_services/wsTTL10?WSDL")

Call wcon.setRequestHeader("SOAPAction", """wsTTL10""")
Call wcon.setRequestHeader("Content-Type", "text/xml; charset=""UTF-8""")

Call wcon.setRequestHeader("Accept", "text/xml")
Call wcon.setRequestHeader("Cache-Control", "no-cache")
Call wcon.setRequestHeader("Pragma", "no-cache")

wcon.send ("<?xml version=""1.0"" encoding=""UTF-8""
standalone=""no""?><SOAP-ENV:Envelope
xmlns:SOAPSDK1=""http://www.w3.org/2001/XMLSchema""
xmlns:SOAPSDK2=""http://www.w3.org/2001/XMLSchema-instance""
xmlns:SOAPSDK3=""http://schemas.xmlsoap.org/soap/encoding/""
xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/""><SOAP-ENV:Body><m:getTitleDetailsComplexList
xmlns:m=""wjava:au.gov.qld.nrm.ats.ttl""><string>50002800</string><string0>contbxm</string0></m:getTitleDetailsComplexList></SOAP-ENV:Body></SOAP-ENV:Envelope>")

Debug.Print wcon.getAllResponseHeaders
tstwinhttp = wcon.responseText

Exit Function

nowend:
tstwinhttp = Err.Description
End Function

----------------------------------------------------------------------------------------------------

IN THE IMMEDIATE WINDOW:

?tstwinhttp()
Date: Mon, 27 Sep 2004 03:05:22 GMT
Content-Length: 3183
Content-Type: text/xml

<env:Envelope {rest of the XML response deleted by John Moore}></env:Envelope>

============================================================================================================================
=============================2_VBA_winhttp_t-EXCEL.EXE-13.05.21.824.009-27.2004.1980.LOG====================================
>>>> WinHttp Version 5.1 Build 5.1.2600 Aug 28 2002 22:53:18>>>>Process EXCEL.EXE [1980 (0x7bc)] started at 13:05:21.840 09/27/2004
IWinHttpRequest::Open(method: "POST", url:
"https://axa14webserv/web_services/wsTTL10?WSDL", async: 0)
WinHttpOpen("Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)",
(0), "", "", 0x0)
WinHttpOpen() returning handle 0x2c07000
WinHttpSetOption(0x2c07000, (79), 0x13f620 [0x2], 4)
WinHttpSetOption() returning TRUE
WinHttpSetOption(0x2c07000, (68), 0x2c04080 [0xfde9], 4)
WinHttpSetOption() returning TRUE
WinHttpSetOption(0x2c07000, (84), 0x2c040a8 [0xa0], 4)
WinHttpSetOption() returning TRUE
WinHttpSetOption(0x2c07000, (88), 0x2c040bc [0x1], 4)
WinHttpSetOption() returning TRUE
WinHttpSetOption(0x2c07000, (83), 0x2c040c0 [0x20000000], 4)
WinHttpSetOption() returning TRUE

WinHttpCrackUrl("https://axa14webserv/web_services/wsTTL10?WSDL", 0x0, 0x0,

0x13f5c4)

WinHttpCrackUrlA("https://axa14webserv/web_services/wsTTL10?WSDL", 0x2e,

0x0, 0x13f504)
WinHttpCrackUrlA() returning TRUE
WinHttpCrackUrl() returning TRUE
WinHttpConnect(0x2c07000, "axa14webserv", 443, 0x0)
WinHttpConnect() returning handle 0x2c040e0
WinHttpOpenRequest(0x2c040e0, "POST", "/web_services/wsTTL10?WSDL", "", "",
0x0, 0x00800080)
WinHttpCreateUrlA(0x13f40c, 0x0, 0x2db0000, 0x13f448)
WinHttpCreateUrlA() returning TRUE
WinHttpOpenRequest() returning handle 0x2c0d000
WinHttpSetOption(0x2c0d000, (77), 0x2c040b8 [0x0], 4)
WinHttpSetOption() returning TRUE
IWinHttpRequest::Open() returning 0 [ERROR_SUCCESS]
IWinHttpRequest::SetRequestHeader(header: "SOAPAction", value: ""wsTTL10"")
WinHttpAddRequestHeaders(0x2c0d000, "SOAPAction: "wsTTL10"\r\n", -1,
0x20000000)
WinHttpAddRequestHeaders() returning TRUE
IWinHttpRequest::SetRequestHeader() returning 0 [ERROR_SUCCESS]
IWinHttpRequest::SetRequestHeader(header: "Content-Type", value: "text/xml;
charset="UTF-8"")
WinHttpAddRequestHeaders(0x2c0d000, "Content-Type: text/xml;

charset="UTF-8"\r\n", -1, 0x20000000)

WinHttpAddRequestHeaders() returning TRUE
IWinHttpRequest::SetRequestHeader() returning 0 [ERROR_SUCCESS]
IWinHttpRequest::SetRequestHeader(header: "Accept", value: "text/xml")
WinHttpAddRequestHeaders(0x2c0d000, "Accept: text/xml\r\n", -1, 0x20000000)
WinHttpAddRequestHeaders() returning TRUE
IWinHttpRequest::SetRequestHeader() returning 0 [ERROR_SUCCESS]
IWinHttpRequest::SetRequestHeader(header: "Cache-Control", value: "no-cache")
WinHttpAddRequestHeaders(0x2c0d000, "Cache-Control: no-cache\r\n", -1,
0x20000000)
WinHttpAddRequestHeaders() returning TRUE
IWinHttpRequest::SetRequestHeader() returning 0 [ERROR_SUCCESS]
IWinHttpRequest::SetRequestHeader(header: "Pragma", value: "no-cache")
WinHttpAddRequestHeaders(0x2c0d000, "Pragma: no-cache\r\n", -1, 0x20000000)
WinHttpAddRequestHeaders() returning TRUE
IWinHttpRequest::SetRequestHeader() returning 0 [ERROR_SUCCESS]
IWinHttpRequest::Send(VARIANT varBody)
WinHttpSetStatusCallback(0x2c0d000, 0x760b0056, 0x10000)
WinHttpSetStatusCallback() returning NULL
WinHttpSendRequest(0x2c0d000, "", 0, 0x2c05400, 502, 502, 2c04000)
"axa14webserv" resolved
Winsock/RPC/SSL/Transport error: 0x90312 [SEC_I_CONTINUE_NEEDED]
sending data:
70 (0x46) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
1024 (0x400) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
853 (0x355) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
received data:
285 (0x11d) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

{lots of binary data removed by John Moore}
<<<<-------- End ----------------------------------------------->>>>
WinHttpSendRequest: error 12044 [ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED]
WinHttpSendRequest() returning FALSE
WinHttpSetOption(0x2c0d000, (47), 0x24e5c0 [0x1], 20)
WinHttpSetOption() returning TRUE
WinHttpSetStatusCallback(0x2c0d000, 0x760b0056, 0x10000)
WinHttpSetStatusCallback() returning 0x760b0056
WinHttpSendRequest(0x2c0d000, "", 0, 0x2c05400, 502, 502, 2c04000)
Winsock/RPC/SSL/Transport error: 0x90312 [SEC_I_CONTINUE_NEEDED]
sending data:
70 (0x46) bytes

<<<<-------- HTTP stream follows below
----------------------------------------------->>>>

....A...=..AW.r./.42?.Jc7..`.&.z..ps....V..........
...d.b.........c..
<<<<-------- End ----------------------------------------------->>>>
received data:
1024 (0x400) bytes