
Does changing SSL Cert on a server break code?

EDIT: What should I use to catch the error?

I have this where it fails to connect for an error message and defaults to a generic message.

public string ResponseError {
    get {
        string retVal = "";
        try {
            retVal = xmlElements.GetElementValue( FullResponse, "/VancoWS/Response/Errors/Error/ErrorDescription" );
        } catch {
            retVal = "There has been a problem processing your request.  Please try again!";
        }
        return retVal;
    }
}

A payment gateway said they made a change to their SSL Cert and since then our web application has not made a successful connection. The code was written in VS.NET 2008 .NET 3.5 I believe in C#. From what I can tell this looks like the code making the connection:

/* Method to perform web post */
private void SendBuffer(string strXml, out string fullResponse, out bool success)
{
    String BaseAddress = Url + "?xml=";

    try
    {
        System.Net.WebClient objRequest = new System.Net.WebClient();
        objRequest.Encoding = System.Text.Encoding.ASCII;
        byte[] buffer = System.Text.Encoding.ASCII.GetBytes(strXml);

        byte[] responseBuffer = objRequest.UploadData(BaseAddress, "POST", buffer);

        fullResponse = System.Text.Encoding.ASCII.GetString(responseBuffer);
        success = true;
    }
    catch (Exception ex)
    {
        fullResponse = ex.ToString();
        success = false;
    }
}

The payment gateway says they are not getting any connections from our server to theirs. I contacted our webhost and they said they have not changed anything to block connections.

The host says they could access the URL fine with no invalid certificate.

URL in question: https://www.vancoservices.com/cgi-bin/ws2.vps

They also are still running SSLv3, so it's not a problem with a protocol change or being forced to TLS 1.x.

Any ideas as to what would break this?

Looks like they have set up a certificate which is either not signed by a valid authority or your web server doesn't have the authority that signed this certificate in its trusted CA.

To understand whether it is a problem with the certificate you may try connecting to the web server that is executing this code, opening a web browser and attempting to connect to the address. The browser will tell you whether the certificate is valid or not (probably you will get a warning if it is not).

If you want to disable certificate validations in your code you may try the following:

System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

Obviously this is not something you wanna be doing with a Production system, but you could just experiment with it to know whether it is a problem with the SSL certificate they set up and if it is self signed.
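A diagnostic alternative to the accept-everything callback, added here as an example and not part of the original answer: it logs why validation failed and still rejects a bad certificate. The class and method names and the constructed self-signed certificate are assumptions for illustration; the callback uses only APIs available in .NET 3.5, while the offline demo in Main needs .NET Framework 4.7.2 or later for CertificateRequest.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertDiagnostics
{
    // Describe why validation failed: the policy flags, the certificate's
    // identity and expiry, and every chain status element.
    public static string Describe(X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        string report = "SslPolicyErrors: " + errors + Environment.NewLine;
        if (cert != null)
            report += "Subject: " + cert.Subject + Environment.NewLine
                    + "Issuer:  " + cert.Issuer + Environment.NewLine
                    + "Expires: " + cert.GetExpirationDateString() + Environment.NewLine;
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                report += "Chain:   " + s.Status + " " + (s.StatusInformation ?? "").Trim() + Environment.NewLine;
        return report;
    }

    // Log the reason, then return the framework's own verdict, so a bad
    // certificate is still rejected (unlike "delegate { return true; }").
    public static bool LogAndValidate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.Error.Write(Describe(cert, chain, errors));
        return errors == SslPolicyErrors.None;
    }

    static void Main()
    {
        // In the application: install once at startup, before SendBuffer runs.
        ServicePointManager.ServerCertificateValidationCallback = LogAndValidate;
        // Offline demo on a constructed self-signed certificate (not the gateway's).
        using (RSA key = RSA.Create(2048))
        using (X509Certificate2 cert = new CertificateRequest("CN=constructed.example", key,
                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                   .CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
        using (X509Chain chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            bool built = chain.Build(cert); // false: the root is not a trusted CA
            SslPolicyErrors errors = built ? SslPolicyErrors.None : SslPolicyErrors.RemoteCertificateChainErrors;
            Console.WriteLine("accepted: " + LogAndValidate(null, cert, chain, errors));
        }
    }
}
```

Against the real gateway, the logged chain status (for example an untrusted root or an expired certificate) identifies what changed with the new certificate while the connection is still refused.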

The "try" clause around the code is hiding any errors that are happening. One thing you could try is commenting out the try statement allowing the code to break and fall over with an error:

// try
{
    ...
}

or add a catch clause:

try
{
   ...
}
catch (Exception ex)
{
    Console.WriteLine(ex.ToString());
}

Just add the following to your config and change the log file path. This will give a sense of whether the handshake/validation for the cert is happening.

http://msdn.microsoft.com/en-us/library/ty48b824(v=vs.110).aspx
