I need to be able to read xml/rss from a https web site in a console program.
until now my program supports plain http, and i’ve been searching around but i cant seem to find an easy way to implement support for https.
It would not matter if the site has a valid certificate or not, but i would appriciate to get hints towards how i would check these certificates to.
I might not know too much about this so any hints are appriciated!
what i currently do for http is:
XmlTextReader rssReader;
XmlDocument rssDoc;
rssReader = new XmlTextReader(url);
rssDoc = new XmlDocument();
rssDoc.Load(rssReader);
When trying this on a site without a trusted certificate i get an error stating:
“The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.”
string url = "https://somesite.com";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream resStream = response.GetResponseStream();
My program needs to support both trusted and untrusted https sites.
Program is running on a server, and hence has to handle the untrusted https sites in code.
For the certificate issue try the following…
…somewhere at the start – or before doing the request.
That’s basically validating any certificate unconditionally, a bit simplified.
EDIT: that’s ‘to blindly’ trust (and is of global character for your app) – proper implementation would handle the parameters – or entails implementing ICertificatePolicy to specifically deal with different hosts/certificates.
EDIT (certificates): as to how the certificates and SSL actually work – and related to the above (based on the comments/discussion)…
http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/index.html
How does SSL really work?
https://superuser.com/questions/84572/public-key-encryption