Web domain inaccesible, need opinions on why

Talk about anything
User avatar
Drugwash
Posts: 560
Joined: 29 May 2014, 21:07
Location: Ploieşti, Romania
Contact:

Web domain inaccesible, need opinions on why

30 Dec 2017, 12:27

Hi folks!

Long story short, while testing an AHK_L script that downloads a web page through a WinHttpRequest.5.1 object I am getting consistent 0x80020009 errors on a certain domain, namely www.rottentomatoes.com. Other tested domains work fine. Upon firing up IE8 on that XP-SP3 system the same happens: domain is unreachable.
However, on the same machine both QtWeb 3.8.5 and Pale Moon 25.8.1 (Atom-XP) can access that domain without issues and so can another networked XP machine - through a shared connection on the former one - using Pale Moon 25.8.1 (Atom-XP version). IE8 and Safari both can't access that domain on the latter machine either. Even a Linux Mint 17.2 can access that domain through the same connection, while running that script under WINE 2.4 and AHK_L 1.1.27.0, so I'd rule out any common blockage on that particular machine - it must be something particular to IE(8).

I have installed OpenSSL 1.0.2n and 1.1.0g on both machines but still no go. Checked HOSTS file for possible blocks, checked IE Untrusted zone on both machines, added the rottentomatoes.com domain to Trusted zone in IE settings on former machine - to no avail.

Could anyone (using XP) test and confirm, or offer a hint/explanation, why that particular domain can't be reached through native IE on XP? Since my script is using the underlying IE infrastructure I need to make sure other users can access all possible domains, especially if those domains are accessible in other browsers. I'd be grateful for any help on this matter. Thank you.
Guest

Re: Web domain inaccesible, need opinions on why

30 Dec 2017, 12:48

Long story short, while testing an AHK_L script that downloads a web page through a WinHttpRequest.5.1 object I am getting consistent 0x80020009 errors on a certain domain, namely http://www.rottentomatoes.com.


The site uses an sha256 certificate, which as far as I know XP's Schannel has problems with. Find a proxy workaround here: https://www.msfn.org/board/topic/176344 ... ls/?page=5

(And you might consider updating the root certificates too: https://www.msfn.org/board/topic/175170 ... p/?page=10)

Drugwash wrote:However, on the same machine both QtWeb 3.8.5 and Pale Moon 25.8.1 (Atom-XP) can access that domain without issues and so can another networked XP machine - through a shared connection on the former one - using Pale Moon 25.8.1 (Atom-XP version).


I don't know about QtWeb, but Mozilla Firefox / Pale Moon works independent of the system certificate store and presumably, the native SSL library. (Also: Pale Moon 27 for XP can be found here: https://www.msfn.org/board/topic/177125 ... on-for-xp/)

I have installed OpenSSL 1.0.2n and 1.1.0g on both machines but still no go.


OpenSSL won't help any; the native Windows SSL/TLS implementation is provided by Microsoft's SChannel.
User avatar
Drugwash
Posts: 560
Joined: 29 May 2014, 21:07
Location: Ploieşti, Romania
Contact:

Re: Web domain inaccesible, need opinions on why

30 Dec 2017, 15:12

Thank you for providing the details. Root certificates update did not help.
Can't ask potential users to jump through hoops to reach some whatever site - if it won't work then that site may go to hell for what I care.
So I guess that's it. Thanks again, I won't be wasting any more time with this issue.
Guest

Re: Web domain inaccesible, need opinions on why

30 Dec 2017, 15:31

Hi,

Sorry, I know there's an issue with certificates that XP encounters with the modern web somewhere (as evidenced by the MSDN thread), but I'm curious: does this website, autohotkey.com, work for you in IE? This side uses uses a sha256ECDSA certificate which is the most likely to give XP problems, I think. RT uses a sha256RSA certificate, I think RSA is pretty ubiquitous in the realm of certificates, it seems unlikely XP wouldn't support it. If this site works for you in IE, then the reasons I gave earlier are definitely bogus.

Depending on what you are doing with WinHttpRequest, https://github.com/tmplinshi/libcurl-test might work instead (an XP build linking to OpenSSL must be out there. You can get an updated CRT file for it from the cURL site or any Linux distribution's ca-certificates package.
User avatar
Drugwash
Posts: 560
Joined: 29 May 2014, 21:07
Location: Ploieşti, Romania
Contact:

Re: Web domain inaccesible, need opinions on why

30 Dec 2017, 19:06

The AHK domain indeed issues a warning in IE8 but it does offer the option to continue to the site, whereas RT just bugs out without any warning.

In my script I'm just downloading the web page and then parse it looking for certain tags that are then processed and information is displayed in the GUI. You can find the script at my cloud repository here.

Thing is, I built this script for a friend that uses Linux so it's gonna be run under WINE which employs a Gecko engine instead of IE but since it's public other people may use it too and its usage should be consistent on any and all machines without requiring extra installations. Initially it was meant only for YouTube video links but I extended it to Vimeo and now also IMDb and some local movie advertiser (Cinemagia.ro); I was hoping Rotten Tomatoes would fit in too but apparently their a$$ is too tight. Oh well…

Return to “Offtopic”

Who is online

Users browsing this forum: No registered users and 6 guests