What software is sending User-Agent "Test Certificate Info"?
It's used in some sample code on an MSDN blog for getting SSL cert info. So basically it could be any C++ app which has lifted the code from there, or used that as a basis. Or any other app which happens to use the same UA string, of course.
The point in the sample is just to complete the SSL handshake so it can get certificate info, and it seems to pass in an awful lot of NULL
s to HttpOpenRequest
, so the error is to be expected and rather inconsequential.
For those of you that don't want your logs spammed with this script kiddie nonsense, you can add the following filteringRules to your web.config file to block the user agent entirely:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<filteringRules>
<filteringRule name="Block Bad User Agent" scanUrl="false" scanQueryString="false">
<scanHeaders>
<add requestHeader="User-Agent" />
</scanHeaders>
<denyStrings>
<add string="Test Certificate Info" />
</denyStrings>
</filteringRule>
</filteringRules>
</requestFiltering>
</security>
</system.webServer>
</configuration>
My guess someone read this and didn't end up changing the example code.