What software is sending User-Agent "Test Certificate Info"?

Question

Google is surprisingly mute on this issue.

In my company's web software error logs, we're seeing multiple individuals with an Apache access log entry that has this in it: ... HTTP/1.1" 500 - "-" "Test Certificate Info"

I have no clue what piece of software this comes from or why it's sending us requests with malformed URLs... but it'd be nice to find out... and perhaps to correct it if it's open source software. :)

(This might be a ServerFault question, but I'm a developer so I figured I'd ask here first.)

Answer 1

My guess someone read this and didn't end up changing the example code.

Answer 2

It's used in some sample code on an MSDN blog for getting SSL cert info. So basically it could be any C++ app which has lifted the code from there, or used that as a basis. Or any other app which happens to use the same UA string, of course.

The point in the sample is just to complete the SSL handshake so it can get certificate info, and it seems to pass in an awful lot of NULLs to HttpOpenRequest, so the error is to be expected and rather inconsequential.

Answer 3

For those of you that don't want your logs spammed with this script kiddie nonsense, you can add the following filteringRules to your web.config file to block the user agent entirely:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <filteringRules>
          <filteringRule name="Block Bad User Agent" scanUrl="false" scanQueryString="false">
            <scanHeaders>
              <add requestHeader="User-Agent" />
            </scanHeaders>
            <denyStrings>
              <add string="Test Certificate Info" />
            </denyStrings>
          </filteringRule>
        </filteringRules>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>