RE: 0x80090325 error when using client cert without AIA in certs

From: Patrick Tronnier (PatrickTronnier_at_discussions.microsoft.com)
Date: 04/13/05

  • Next message: Michel Gallant: "Re: Encrypting and signing data"
    Date: Wed, 13 Apr 2005 09:54:02 -0700
    
    

    Sorry for the redundant posts. I received this error and thus was not sure if
    my post was successful or not.

    error An error occurred while sending your post
    --------------------------------------------------------------------------------

    We're sorry, but there was a problem with the system and your post was not
    received. The error has been reported to Operations and will be investigated
    as soon as possible. Please try again later.

    "Patrick Tronnier" wrote:

    > Greetings,
    >
    > Problem:
    > I receive a 0x80090325 error "The certificate chain was issued by an
    > authority that is not trusted." when I attempt to connect to a site using a
    > client certificate which does not have an Authority Information Access (AIA)
    > extension. I assume the chain cannot be built because my code does not know
    > where to download the missing CA cert from.
    >
    > Scenario:
    > The site is https://sandboxsmd.iso-ne.com/
    >
    > Server: Server: Stronghold/3.0 Apache/1.3.22 RedHat/3021c (Unix)
    > mod_ssl/2.8.7 OpenSSL/0.9.6b mod_perl/1.25\r\n
    >
    > Client: Windows 2000 SP4
    >
    > Note: Both client and server root certs are installed!! Also, the problem
    > goes away if the client Intermediate CA cert is installed in the
    > LocalMachine\CA cert store.
    >
    > Here are the cert chains:
    >
    > Server: sandboxsmd.iso-ne.com > issued by > Equifax Secure Certificate
    > Authority
    >
    > Client: Leonard Jaques (50702) > issued by > ISO New England CA 1 > issued
    > by > Equifax Secure eBusiness CA-1
    >
    > Question:
    > Is there sample code (preferably C++) which shows how to build a cert chain
    > using files on a network share when the AIA extension is missing in a cert?
    > If no sample code, can someone review my code and possibly let me know a
    > better way to do this?
    >
    > Additional Info:
    > Here is a winhttptracecfg log. (As I mentioned, when both client and server
    > root certs are installed I still have the problem. If the client Intermediate CA
    > cert is installed into the LocalMachine\CA store the problem goes away.)
    >
    > Thank you very much in advance for any assistance.
    >
    > PS: Issue also cross posted in winhttp newsgroup.
    >
    > ==============================================
    > 14:29:00.175 ::*Session* :: >>>> WinHttp Version 5.1 Build 5.1.2600 Dec 9
    > 2003 01:37:31>>>>Process SHttpRequest.exe [3836 (0xefc)] started at
    > 14:29:00.175 03/24/2005
    > 14:30:01.878 ::*Session* ::
    > WinHttpCrackUrl("https://sandboxsmd.iso-ne.com/mkt/private/XmlRequest", 0x34,
    > 0x0, 0x12f5b0)
    > 14:30:01.878 ::*Session* ::
    > WinHttpCrackUrlA("https://sandboxsmd.iso-ne.com/mkt/private/XmlRequest",
    > 0x34, 0x0, 0x12f3dc)
    > 14:30:01.878 ::*Session* :: WinHttpCrackUrlA() returning TRUE
    > 14:30:01.878 ::*Session* :: WinHttpCrackUrl() returning TRUE
    > 14:30:01.878 ::*Session* :: WinHttpOpen("OATI WinHTTP Interface", (0), "",
    > "", 0x0)
    > 14:30:01.894 ::*Session* :: WinHttpOpen() returning handle 0xec4000
    > 14:30:01.894 ::*Session* :: WinHttpConnect(0xec4000,
    > "sandboxsmd.iso-ne.com", 443, 0x0)
    > 14:30:01.894 ::*Session* :: WinHttpConnect() returning handle 0xec8000
    > 14:30:01.894 ::*Session* :: WinHttpOpenRequest(0xec8000, "POST",
    > "/mkt/private/XmlRequest", "", "", 0x0, 0x00800000)
    > 14:30:02.003 ::*Session* :: WinHttpCreateUrlA(0x12f204, 0x0, 0x18d0000,
    > 0x12f240)
    > 14:30:02.003 ::*Session* :: WinHttpCreateUrlA() returning TRUE
    > 14:30:02.003 ::*0000001* :: WinHttpOpenRequest() returning handle 0xec9000
    > 14:30:02.003 ::*0000001* :: WinHttpSetOption(0xec9000, (6), 0x12f578
    > [0x36ee80], 4)
    > 14:30:02.003 ::*0000001* :: WinHttpSetOption() returning TRUE
    > 14:30:02.019 ::*0000001* :: WinHttpSetOption(0xec9000, (3), 0x12f620
    > [0xea60], 4)
    > 14:30:02.019 ::*0000001* :: WinHttpSetOption() returning TRUE
    > 14:30:02.269 ::*0000001* :: WinHttpSetOption(0xec9000, (47), 0x15fd60
    > [0x1], 20)
    > 14:30:02.269 ::*0000001* :: WinHttpSetOption() returning TRUE
    > 14:30:02.269 ::*0000001* :: WinHttpSetOption(0xec9000, (79), 0x12f5cc
    > [0x3100], 4)
    > 14:30:02.269 ::*0000001* :: WinHttpSetOption() returning TRUE
    > 14:30:21.003 ::*Session* :: WinHttpAddRequestHeaders(0xec9000,
    > "Context-Type: text/*\r\nUser-Agent: Mozilla/4.0 (compatible; OATI)\r\n", -1,
    > 0x20000000)
    > 14:30:21.003 ::*Session* :: WinHttpAddRequestHeaders() returning TRUE
    > 14:30:23.738 ::*0000001* :: WinHttpSendRequest(0xec9000, "", 0, 0xee5058,
    > 125, 125, 0)
    > 14:30:24.097 ::*0000001* :: "sandboxsmd.iso-ne.com" resolved
    > 14:30:24.628 ::*0000001* :: Winsock/RPC/SSL/Transport error: 0x90312
    > [SEC_I_CONTINUE_NEEDED]
    > 14:30:24.628 ::*0000001* :: sending data:
    > 14:30:24.628 ::*0000001* :: 62 (0x3e) bytes
    > 14:30:24.628 ::*0000001* :: <<<<-------- HTTP stream follows below
    > ----------------------------------------------->>>>
    > 14:30:24.628 ::*0000001* :: ....9...5..BC#`5V;<.Ha. .....F
    > .*.E.M$.X.b.......d.b.......c..
    > 14:30:24.628 ::*0000001* :: <<<<-------- End
    > ----------------------------------------------->>>>
    > 14:30:24.675 ::*0000001* :: received data:
    > 14:30:24.675 ::*0000001* :: 1024 (0x400) bytes
    > 14:30:24.675 ::*0000001* :: <<<<-------- HTTP stream follows below
    > ----------------------------------------------->>>>
    > 14:30:24.675 ::*0000001* :: ....J...F..BC#_....V...........y.%:.IG9TU-b
    > a.....G}...Uz.8..s[.^.#.....3+.........!..........0...0..|..........0
    > ..*.H..
    > .....0N1.0...U....US1.0...U.
    > 14:30:24.675 ::*0000001* :: ..Equifax1-0+..U...$Equifax Secure Certificate
    > Authority0..
    > 040621160740Z.
    > 050821160740Z0..1.0...U....US1.0...U...
    > Massachusetts1.0...U....Holyoke1.0...U.
    > 14:30:24.675 ::*0000001* :: ..ISO New England1.0...U....Market
    > Systems1.0...U....sandboxsmd.iso-ne.com0..0
    > ..*.H..
    > .........0.........V%....<..F..r.
    > U...3...qeL...]..o....eB..tc.I.C2u...v...Z..'..[..=......d.V...v(S...2U.B....6
    > ..Lk4Yp.=I\$.F.n..I.k-.Pe.;............0..0...`.H...B.......@0...U...........0...U........._'.....#..ad.F...0:..U...3010/.-.+.)http://crl.geotrust.com/crls/secureca.crl0...U.#..0...H.h.+....G.# .O3....0...U.%..0...+.........+.......0
    > ..*.H..
    > .................Z..ny...4...j]-D....g[\.J..\6.^.Ekl.e..%......p...52..x...I.{\.|...|Zf..@...).]'32..`|-8..e}...Dw.k:._.*...^.+3...g...)z.....
    > .........a0_1.0...U....US1.0...U.
    > 14:30:24.675 ::*0000001* :: ..VeriSign, Inc.1705..U....Class 2 Public
    > Primary Certification Authority..0..1.0...U....US1.0...U.
    > 14:30:24.675 ::*0000001* :: <<<<-------- End
    > ----------------------------------------------->>>>
    > 14:30:24.675 ::*0000001* :: received data:
    > 14:30:24.675 ::*0000001* :: 263 (0x107) bytes
    > 14:30:24.675 ::*0000001* :: <<<<-------- HTTP stream follows below
    > ----------------------------------------------->>>>
    > 14:30:24.675 ::*0000001* ::
    > 14:30:24.675 ::*0000001* :: ..VeriSign, Inc.1<0:..U...3Class 2 Public
    > Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For
    > authorized use only1.0...U....VeriSign Trust Network.U0S1.0...U....US1.0...U.
    > 14:30:24.675 ::*0000001* :: ..Equifax Secure Inc.1&0$..U....Equifax Secure
    > eBusiness CA-1....
    > 14:30:24.675 ::*0000001* :: <<<<-------- End
    > ----------------------------------------------->>>>
    > 14:30:24.675 ::*0000001* :: sending data:
    > 14:30:24.675 ::*0000001* :: 1069 (0x42d) bytes
    > 14:30:24.675 ::*0000001* :: <<<<-------- HTTP stream follows below
    > ----------------------------------------------->>>>
    > 14:30:24.675 ::*0000001* :: ...............0...0..D........(0
    > ..*.H..
    > .....0K1.0...U....US1.0...U.
    > 14:30:24.675 ::*0000001* :: ..ISO New England Inc.1.0...U....ISO New England
    > CA 10..
    > 050131220052Z.
    > 060214220052Z0..1.0...U....US1.0...U.
    > 14:30:24.675 ::*0000001* :: ..Split Rock Energy LLC1.0...U....USER ID -
    > 6000242031.0...U....Leonard Jaques (50702)1&0$..*.H..
    > .....leonard.jaques@oati.net0..0
    > ..*.H..
    > .........0.......4..5#..K....9.v1
    > z..h...T......~...;.a......+..1.g.......'...>.#...
    > ..9.Na:.+....-.?$'.Ny..w......]:...|AAd..dz.R
    > ....xR..R.C........0..0...`.H...B........0...U...........0:..U...3010/.-.+.)http://crl.geotrust.com/crls/isoneca1.crl0...U.#..0...I..tE.......x...My..0
    > ..*.H..
    > ..........
    > 14:30:24.675 ::*0000001* :: e.G.!a..{F..
    > 14:30:24.675 ::*0000001* ::
    > .hu-XEn..F.!...,6.....*.x4...c.ga....%S.Y...Y.W.D4.....A..Xvx...Q.H.gL.].}.]...T.....Q2z....'........6W.$5.%'..=...........;!h.!..n..<]N0.^
    > ..#?O.s...c.........^....MU......i~..`^......%...!.$s..L&..3.,3.\.W&.Q..[[.D+.?ez.wV..fx....
    > ../.nE".9%...........x..w....b.....-...y{5b[....O...x...AH...4./Q..\>.....[...*...n:,&...4..9.&.6,....8.5.Z1nJ.....g...H..
    > 14:30:24.675 ::*0000001* ::
    > .{4....._...^..Q*$?...............(~.:....w....V...)......[..X.?..#....F...
    > 14:30:24.675 ::*0000001* :: <<<<-------- End
    > ----------------------------------------------->>>>
    > 14:30:24.722 ::*0000001* :: received data:
    > 14:30:24.722 ::*0000001* :: 7 (0x7) bytes
    > 14:30:24.722 ::*0000001* :: <<<<-------- HTTP stream follows below
    > ----------------------------------------------->>>>
    > 14:30:24.722 ::*0000001* :: ......0
    > 14:30:24.722 ::*0000001* :: <<<<-------- End
    > ----------------------------------------------->>>>
    > 14:30:24.722 ::*0000001* :: Winsock/RPC/SSL/Transport error: 0x80090325 [?]
    > 14:30:24.722 ::*0000001* :: WinHttpSendRequest: error -2146893019 [0x80090325]
    > 14:30:24.722 ::*0000001* :: WinHttpSendRequest() returning FALSE
    > 14:30:49.300 ::*0000001* :: WinHttpQueryHeaders(0xec9000, (0x16), "<null>",
    > 0x0, 0x12f614 [0], 0x0 [0])
    > 14:30:49.300 ::*0000001* :: WinHttpQueryHeaders() returning FALSE
    > 14:30:49.300 ::*0000001* :: WinHttpQueryHeaders(0xec9000, (0x16), "<null>",
    > 0xee4d18, 0x12f614 [6], 0x0 [0])
    > 14:30:49.300 ::*0000001* :: WinHttpQueryHeaders() returning TRUE
    > 14:30:51.238 ::*0000001* :: WinHttpCloseHandle(0xec9000)
    > 14:30:51.238 ::*0000001* :: WinHttpCloseHandle() returning TRUE
    > 14:30:51.238 ::*Session* :: WinHttpCloseHandle(0xec8000)
    > 14:30:51.238 ::*Session* :: WinHttpCloseHandle() returning TRUE
    > 14:30:51.238 ::*Session* :: WinHttpCloseHandle(0xec4000)
    > 14:30:51.238 ::*Session* :: WinHttpCloseHandle() returning TRUE
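
Added example, not code from the original poster or from a Microsoft sample. Two details in the trace above are worth reading before touching code: the client's 1069-byte flight carries only the leaf certificate (subject "Leonard Jaques (50702)", issuer "ISO New England CA 1") with no intermediate behind it, and the 7-byte record received right before the failure has the shape of a TLS alert (5-byte record header plus a 2-byte alert); its only printable byte is "0", i.e. 0x30 = 48, the unknown_ca alert, which Schannel reports as SEC_E_UNTRUSTED_ROOT (0x80090325). That is consistent with the poster's observation that dropping the intermediate into LocalMachine\CA cures it: Schannel only sends intermediates it can locate when it builds the client certificate's chain, and with no AIA in the leaf it has nowhere to fetch them from. The script below builds that chain offline from intermediate certificates kept as files on a share, using X509Chain.ExtraStore, which .NET hands to CertGetCertificateChain as hAdditionalStore; a C++ CryptoAPI port makes the same call, filling a CertOpenStore(CERT_STORE_PROV_MEMORY) store with CertAddEncodedCertificateToStore. The share path, file names and the -InstallToMachineCA switch are assumptions.

```powershell
# Added example (editor's, not the poster's code or a Microsoft sample).
# Builds the chain for a client certificate using intermediate CA certificates
# read from files on a network share, so a missing AIA extension in the leaf
# does not matter. ExtraStore is passed to CertGetCertificateChain as
# hAdditionalStore under the hood. All paths and names below are assumptions.
param(
    [string]$ClientCertPath  = '\\pkishare\certs\client.cer',     # assumption
    [string]$IntermediateDir = '\\pkishare\certs\intermediates',  # assumption
    [switch]$InstallToMachineCA                                   # assumption
)
$ErrorActionPreference = 'Stop'
$ns = 'System.Security.Cryptography.X509Certificates'

$leaf  = New-Object "$ns.X509Certificate2" -ArgumentList $ClientCertPath
$chain = New-Object "$ns.X509Chain"

# Offline demonstration: skip CRL fetching. Keep NoFlag so a root that is not
# in Trusted Root Certification Authorities is still reported, not hidden.
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'NoFlag'

# Every DER / Base64 / PKCS#7 file on the share becomes a candidate issuer.
Get-ChildItem -Path $IntermediateDir -Include *.cer,*.crt,*.p7b -Recurse | ForEach-Object {
    $coll = New-Object "$ns.X509Certificate2Collection"
    $coll.Import($_.FullName)
    [void]$chain.ChainPolicy.ExtraStore.AddRange($coll)
}

$built = $chain.Build($leaf)

# Show the chain as CryptoAPI assembled it, leaf first.
$i = 0
foreach ($el in $chain.ChainElements) {
    $st = if ($el.ChainElementStatus.Count -eq 0) { 'OK' } else { ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ',' }
    '[{0}] {1}  <-  issued by {2}  [{3}]' -f $i, $el.Certificate.Subject, $el.Certificate.Issuer, $st
    $i++
}

if (-not $built) {
    # PartialChain  : an issuer was not found (no AIA, not in ExtraStore or the CA stores)
    # UntrustedRoot : chain is complete but ends at a root that is not trusted
    foreach ($s in $chain.ChainStatus) {
        '{0}: {1}' -f $s.Status, $s.StatusInformation.Trim()
    }
}

if ($built -and $InstallToMachineCA) {
    # Persist the intermediates that were actually used, so Schannel can find
    # them when WinHTTP builds the client-cert chain for the handshake.
    # Needs administrative rights; re-adding an existing cert is a no-op.
    $store = New-Object "$ns.X509Store" -ArgumentList 'CA', 'LocalMachine'
    $store.Open('ReadWrite')
    foreach ($el in $chain.ChainElements) {
        $c = $el.Certificate
        $isLeaf = ($c.Thumbprint -eq $leaf.Thumbprint)
        $isRoot = ($c.Subject -eq $c.Issuer)
        if (-not $isLeaf -and -not $isRoot) { $store.Add($c) }
    }
    $store.Close()
}

exit ([int](-not $built))
```

Run it once without the switch to see whether the chain closes with the files on the share (a PartialChain status means the issuer still was not found, an UntrustedRoot status means the root itself is not in the trusted store), then with -InstallToMachineCA to make the fix the poster found by hand permanent. The one-line equivalent of the install step is "certutil -addstore CA intermediate.cer" on the machine running WinHTTP. Resist the temptation to set AllowUnknownCertificateAuthority to make Build() succeed: it hides exactly the condition that the server is rejecting.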


