H
Huygens Fr?d?ric
Hello there,
I suppose we are missing something, but I really cannot pinpoint what
it is.
Any help would be greatly appreciated and would be beneficial to the
community I think.
Problem description:
Query Web service is not working in SSL (mutual only, works in
anonymous). On click on the Query button Infopath immediately displays
"Infopath cannot run the specified query.", with, under Show Details,
"InfoPath either cannot connect to the data source, the service has
timed out, or the server has an invalid certificate.".
More info about our test:
When not using infopath, but a IE 6.0 browser with the same CSP,
client certificate, server certificate and ssl server, the problem
doesn't appear and we see the browser's "certificate selection
window". This rules out any problem linked to the CSP, the client
cert, the server cert and ssl server.
The Web service is launched by clicking the "Run Query" button that is
automatically generated by InfoPath on completion of the Data
Connection Wizard.
More details about the used Data Connection:
- initiated by "New from Data Connection"
- selection of the option "Web service" then the option "Receive data"
- as Web service location, we specified the path of the applicable
WSDL file (= the file in attachment)
- when we need to update the server URL we do the change in the .WSDL
and then we execute either the menu entry "Modify" under "Data
Connections" either the menu entry "Convert Main Data Source"
the address inside the certificateis identical to the address used for
connection in the "https".
Server side Openssl used for mutual ssl: 0.9.7d
When looking @ the mutual SSL handshaking trace (server side).
- Infopath passes the part of the ssl protocol that is common to
anonymous and mutual ssl (this seem to rule out "the server has an
invalid certificate" error message).
- the problem arises when the ssl server request the client
certificate: whe infopath receives this, it answers with an "EOF".
WSDL description:
<?xml version="1.0" encoding="UTF-8" ?>
- <wsdl:definitions name="PKIGatewayService"
targetNamespace="http://ws.gateway.pki.isabel.be"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:tns="http://ws.gateway.pki.isabel.be"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
- <wsdl:types>
- <xsd:schema elementFormDefault="qualified"
targetNamespace="http://ws.gateway.pki.isabel.be"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<xsd:element name="mainServiceRequestElem" type="xsd:string" />
<xsd:element name="mainServiceResponseElem" type="xsd:string" />
</xsd:schema>
</wsdl:types>
- <wsdl:message name="mainServiceResponse">
<wsdl
art name="mainService_out"
element="tns:mainServiceResponseElem" />
</wsdl:message>
- <wsdl:message name="mainServiceRequest">
<wsdlart name="mainService_in"
element="tns:mainServiceRequestElem" />
</wsdl:message>
- <wsdlortType name="PKIGatewayServicePortType">
- <wsdlperation name="mainService">
<wsdl:input name="mainServiceRequest"
message="tns:mainServiceRequest" />
<wsdlutput name="mainServiceResponse"
message="tns:mainServiceResponse" />
</wsdlperation>
</wsdlortType>
- <wsdl:binding name="PKIGatewayServicePortBinding"
type="tnsKIGatewayServicePortType">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" />
- <wsdlperation name="mainService">
<soapperation soapAction="" style="document" />
- <wsdl:input name="mainServiceRequest">
<soap:body parts="mainService_in" use="literal" />
</wsdl:input>
- <wsdlutput name="mainServiceResponse">
<soap:body parts="mainService_out" use="literal" />
</wsdlutput>
</wsdlperation>
</wsdl:binding>
- <wsdl:service name="PKIGatewayService">
- <wsdlort name="PKIGatewayServicePort"
binding="tnsKIGatewayServicePortBinding">
<soap:address location="https://192.168.124.224:9080/PKIGatewayService/services/PKIGatewayServicePort"
/>
</wsdlort>
</wsdl:service>
</wsdl:definitions>
GreetingZ
Fred
I suppose we are missing something, but I really cannot pinpoint what
it is.
Any help would be greatly appreciated and would be beneficial to the
community I think.
Problem description:
Query Web service is not working in SSL (mutual only, works in
anonymous). On click on the Query button Infopath immediately displays
"Infopath cannot run the specified query.", with, under Show Details,
"InfoPath either cannot connect to the data source, the service has
timed out, or the server has an invalid certificate.".
More info about our test:
When not using infopath, but a IE 6.0 browser with the same CSP,
client certificate, server certificate and ssl server, the problem
doesn't appear and we see the browser's "certificate selection
window". This rules out any problem linked to the CSP, the client
cert, the server cert and ssl server.
The Web service is launched by clicking the "Run Query" button that is
automatically generated by InfoPath on completion of the Data
Connection Wizard.
More details about the used Data Connection:
- initiated by "New from Data Connection"
- selection of the option "Web service" then the option "Receive data"
- as Web service location, we specified the path of the applicable
WSDL file (= the file in attachment)
- when we need to update the server URL we do the change in the .WSDL
and then we execute either the menu entry "Modify" under "Data
Connections" either the menu entry "Convert Main Data Source"
the address inside the certificateis identical to the address used for
connection in the "https".
Server side Openssl used for mutual ssl: 0.9.7d
When looking @ the mutual SSL handshaking trace (server side).
- Infopath passes the part of the ssl protocol that is common to
anonymous and mutual ssl (this seem to rule out "the server has an
invalid certificate" error message).
- the problem arises when the ssl server request the client
certificate: whe infopath receives this, it answers with an "EOF".
WSDL description:
<?xml version="1.0" encoding="UTF-8" ?>
- <wsdl:definitions name="PKIGatewayService"
targetNamespace="http://ws.gateway.pki.isabel.be"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:tns="http://ws.gateway.pki.isabel.be"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
- <wsdl:types>
- <xsd:schema elementFormDefault="qualified"
targetNamespace="http://ws.gateway.pki.isabel.be"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<xsd:element name="mainServiceRequestElem" type="xsd:string" />
<xsd:element name="mainServiceResponseElem" type="xsd:string" />
</xsd:schema>
</wsdl:types>
- <wsdl:message name="mainServiceResponse">
<wsdl
art name="mainService_out"element="tns:mainServiceResponseElem" />
</wsdl:message>
- <wsdl:message name="mainServiceRequest">
<wsdl
art name="mainService_in"element="tns:mainServiceRequestElem" />
</wsdl:message>
- <wsdl
ortType name="PKIGatewayServicePortType">- <wsdl
peration name="mainService"><wsdl:input name="mainServiceRequest"
message="tns:mainServiceRequest" />
<wsdl
utput name="mainServiceResponse"message="tns:mainServiceResponse" />
</wsdl
peration></wsdl
ortType>- <wsdl:binding name="PKIGatewayServicePortBinding"
type="tns
KIGatewayServicePortType"><soap:binding transport="http://schemas.xmlsoap.org/soap/http" />
- <wsdl
peration name="mainService"><soap
peration soapAction="" style="document" />- <wsdl:input name="mainServiceRequest">
<soap:body parts="mainService_in" use="literal" />
</wsdl:input>
- <wsdl
utput name="mainServiceResponse"><soap:body parts="mainService_out" use="literal" />
</wsdl
utput></wsdl
peration></wsdl:binding>
- <wsdl:service name="PKIGatewayService">
- <wsdl
ort name="PKIGatewayServicePort"binding="tns
KIGatewayServicePortBinding"><soap:address location="https://192.168.124.224:9080/PKIGatewayService/services/PKIGatewayServicePort"
/>
</wsdl
ort></wsdl:service>
</wsdl:definitions>
GreetingZ
Fred