1

(other than secure sockets and the underlying transport protocol, I mean)

I'm trying to implement the most basic HTTP server in C# (specifically, I'm trying to get my program to create a local socket listening on http://localhost:nnnn where nnnn is a custom port number, that responds as if it were a secure web server).

I've got the basic communications code working, accepting connections, receiving requests and responding to GET. I know this works in principle because if I point my brower to my listening socket via standard HTTP, it all works and it happily displays the web page I return.

But if I try and connect using HTTPS (I use a different port number), it connects, accepts and even gets the GET request OK - but despite me returning a response, the browser seems to hang, as if it is waiting for something else - and yet I receive nothing else as far as I know (I'm still listening for connections, in case it decided to make other connections).

My response is this: 

HTTP/1.1 200 OK
Host: localhost:4301
Date: <assume date is correctly formatted>
Content-Type: text/html; charset=us-ascii
Content-Length: 52
Connection: Keep-Alive

<html><head></head><body>Hello, World!</body></html>

As I said, this works fine for standard HTTP - the browser accepts it. I tried to include the header items I thought it might insist on (I also tried Connection: Close and forcibly terminating the connection - in that case the browser shows a connection problem. The GET it sent specified Keep-Alive, so I returned to that).

Is there something I'm missing to get the browser to accept the response for HTTPS like it did for HTTP?

If it helps, the GET request I receive for the HTTPS case is: 

GET /test.html?param1=Test HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: localhost:4301
Connection: Keep-Alive

Also, I'm using a self-signed cert created using MAKECERT - I have to accept warnings and force the browser to continue to the page because of this, but the point is, it does eventually send the GET request.

Improve this question
5
  • Are you certain that your server code is executed when the request is made? If you attach and debug, does it actually do anything? Also - you might have an issue with the port - while it's generally possible to get http traffic on almost any unused port - sometimes secure traffic will be restricted (that's patchy - but in our environment we have a corporate proxy that refuses to server https over any port other than 443 - causing issues for testing!) Commented Mar 7, 2012 at 9:57
  • 2
    Have you considered using Fiddler or WireShark to check the HTTPS traffic of another server? Commented Mar 7, 2012 at 9:58
  • @Andras - using breakpoints I can see it get as far as sending me the GET request, and I send the same reply back as I did for the non-secure version (via the SSL stream, of course, same way I received it). It never seems to send any further data (my handler for BeginRead() never fires again). Commented Mar 7, 2012 at 13:46
  • @weismat - I hadn't thought of that! I'll give it a bash. Thanks. Commented Mar 7, 2012 at 13:47
  • Sadly, WireShark doesn't work on localhost, RawCap (which it suggested) seems to only log UDP, and although Fiddler helps, it doesn't quite give me enough to understand. I see 'tunnel' lines for both browser to my code and browser to standard secure web address, and it even shows a 200 (but it calls it Connection Established rather than OK for tunnelling). For a normal secure web address, it then magically receives another reply, a standard 200 OK. Commented Mar 7, 2012 at 16:24

1 Answer 1

Reset to default
1

Ugh... embarrassing. Turns out I was sending my perfectly-formed response... on the wrong stream. I was sending it back on the standard NetworkStream object instead of the SslStream one. Funny how things work better when you code it properly {:v(

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.