hi there,
I am using the Splunk Light Cloud service under trial mode to test and make sure i can do what i want with Splunk before purchasing.
if i create a standalone C# program to pump events to Splunk using the HTTP event collector (HEC), it all works fine when i provide the code in c# to ignore certs.
ServicePointManager.ServerCertificateValidationCallback = new
RemoteCertificateValidationCallback(
delegate { return true; }
);
However, when I use the exact same code from a WCF service, it always fails with error
The request was aborted: Could not
create SSL/TLS secure channel..
Looking at the network trace from System.Net, the issue is with the certificate of the https endpoint for HEC
System.Net Information: 0 : [3628] SecureChannel#3314304::.ctor(hostname=input-prd-p-kqcmtgqgwbzx.cloud.splunk.com, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [3628] Enumerating security packages:
System.Net Information: 0 : [3628] Negotiate
System.Net Information: 0 : [3628] NegoExtender
System.Net Information: 0 : [3628] Kerberos
System.Net Information: 0 : [3628] NTLM
System.Net Information: 0 : [3628] TSSSP
System.Net Information: 0 : [3628] pku2u
System.Net Information: 0 : [3628] WDigest
System.Net Information: 0 : [3628] Schannel
System.Net Information: 0 : [3628] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [3628] CREDSSP
System.Net Information: 0 : [3628] SecureChannel#3314304 - Left with 0 client certificates to choose from.
System.Net Information: 0 : [3628] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [3628] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = input-prd-p-kqcmtgqgwbzx.cloud.splunk.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [3628] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=151, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [3628] Socket#16582792::Send()
System.Net.Sockets Verbose: 0 : [3628] Data from Socket#16582792::Send
System.Net.Sockets Verbose: 0 : [3628] 00000000 : 16 03 03 00 92 01 00 00-8E 03 03 58 9B 42 52 19 : ...........X.BR.
System.Net.Sockets Verbose: 0 : [3628] 00000010 : DD 35 0F 55 FE 35 FE 93-8C 57 F5 EB 90 34 78 FF : .5.U.5...W...4x.
System.Net.Sockets Verbose: 0 : [3628] 00000020 : 33 96 3E 89 8C 6F 70 22-76 92 4B 00 00 0E 00 2F : 3.>..op"v.K..../
System.Net.Sockets Verbose: 0 : [3628] 00000030 : 00 35 00 0A 00 3C 00 3D-00 9C 00 9D 01 00 00 57 : .5...<.=.......W
System.Net.Sockets Verbose: 0 : [3628] 00000040 : 00 00 00 2E 00 2C 00 00-29 69 6E 70 75 74 2D 70 : .....,..)input-p
System.Net.Sockets Verbose: 0 : [3628] 00000050 : 72 64 2D 70 2D 6B 71 63-6D 74 67 71 67 77 62 7A : rd-p-kqcmtgqgwbz
System.Net.Sockets Verbose: 0 : [3628] 00000060 : 78 2E 63 6C 6F 75 64 2E-73 70 6C 75 6E 6B 2E 63 : x.cloud.splunk.c
System.Net.Sockets Verbose: 0 : [3628] 00000070 : 6F 6D 00 0D 00 14 00 12-06 01 06 03 04 01 05 01 : om..............
System.Net.Sockets Verbose: 0 : [3628] 00000080 : 02 01 04 03 05 03 02 03-02 02 00 23 00 00 00 17 : ...........#....
System.Net.Sockets Verbose: 0 : [3628] 00000090 : 00 00 FF 01 00 01 00 : .......
System.Net.Sockets Verbose: 0 : [3628] Exiting Socket#16582792::Send() -> Int32#151
System.Net.Sockets Verbose: 0 : [3628] Socket#16582792::Receive()
System.Net.Sockets Verbose: 0 : [3628] Data from Socket#16582792::Receive
System.Net.Sockets Verbose: 0 : [3628] 00000000 : 15 03 03 00 02 : .....
System.Net.Sockets Verbose: 0 : [3628] Exiting Socket#16582792::Receive() -> Int32#5
System.Net.Sockets Verbose: 0 : [3628] Socket#16582792::Receive()
System.Net.Sockets Verbose: 0 : [3628] Data from Socket#16582792::Receive
System.Net.Sockets Verbose: 0 : [3628] 00000005 : 02 28 : .(
System.Net.Sockets Verbose: 0 : [3628] Exiting Socket#16582792::Receive() -> Int32#2
System.Net Information: 0 : [3628] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 1a9d4c90:542a58ac90, targetName = input-prd-p-kqcmtgqgwbzx.cloud.splunk.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [3628] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net.Sockets Verbose: 0 : [3628] Socket#16582792::Dispose()
System.Net Error: 0 : [3628] Exception in HttpWebRequest#49840803:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Error: 0 : [3628] Exception in HttpWebRequest#49840803::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..
System.Net.Sockets Verbose: 0 : [9168] Socket#33711845::Send()
any ideas on how to get around this?
thanks in advance!
... View more