2017-11-11 235 views
0

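Self-signed certificates in .NET Standard 2.0

My question is specifically about .NET Standard 2.0, because the same code seems to work on .NET Framework, for reasons I'm not entirely sure of.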

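The problem is that I want to make an HTTP request to a server that uses a self-signed certificate. In .NET Framework (specifically 4.6.1), the way to get past this is to use: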

ServicePointManager.ServerCertificateValidationCallback = CustomValidation;

// Accepts every server certificate, whatever policyErrors reports.
public static bool CustomValidation(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors policyErrors)
{
    return true;
}

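That solves the problem. However, doing the same in .NET Standard seems to compile, but the same error (WinHttpException - a security error occurred) still happens:

System.AggregateException
  HResult=0x80131500
  Message=One or more errors occurred. (An error occurred while sending the request.)
  Source=
  StackTrace:
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at matrix_tester.Program.Main(String[] args) in C:\

Inner Exception 1:
HttpRequestException: An error occurred while sending the request.

Inner Exception 2:
WinHttpException: A security error occurred

I'm at my wits' end here. Can ServicePointManager not be used in .NET Standard?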

+0

Did you find any solution for bypassing self-signed certificates with .NET Standard 2.0?

Answers

0

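ServicePointManager should be available in 2.0.

Disclaimer: I don't know why your code isn't working. When I need to accept certificates automatically, I always use a hack. It works in 2.0. But keep in mind that the script accepts all self-signed certificates, which is a security violation. Use at your own discretion. It is a singleton class. Just put this at the beginning of your program, like so: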

Certificates.Instance.GetCertificatesAutomatically(); 

It should work in your program. Hope it helps you move forward.

using System;
using System.Collections.Generic;
using System.Security;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography;
using System.Net.Security;

namespace test
{
    public sealed class Certificates
    {
        private static Certificates instance = null;
        private static readonly object padlock = new object();

        Certificates()
        {
        }

        public static Certificates Instance
        {
            get
            {
                lock (padlock)
                {
                    if (instance == null)
                    {
                        instance = new Certificates();
                    }
                    return instance;
                }
            }
        }

        public void GetCertificatesAutomatically()
        {
            // The registered callback is this lambda, which accepts every certificate.
            ServicePointManager.ServerCertificateValidationCallback +=
                new RemoteCertificateValidationCallback((sender, certificate, chain, policyErrors)
                    => { return true; });
        }

        // This method is not registered anywhere in this class; only the lambda above is.
        private static bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            //Return true if the server certificate is ok
            if (sslPolicyErrors == SslPolicyErrors.None)
                return true;

            bool acceptCertificate = true;
            string msg = "The server could not be validated for the following reason(s):\r\n";

            //The server did not present a certificate
            if ((sslPolicyErrors &
                SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable)
            {
                msg = msg + "\r\n -The server did not present a certificate.\r\n";
                acceptCertificate = false;
            }
            else
            {
                //The certificate does not match the server name
                if ((sslPolicyErrors &
                    SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch)
                {
                    msg = msg + "\r\n -The certificate name does not match the authenticated name.\r\n";
                    acceptCertificate = false;
                }

                //There is some other problem with the certificate
                if ((sslPolicyErrors &
                    SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.RemoteCertificateChainErrors)
                {
                    foreach (X509ChainStatus item in chain.ChainStatus)
                    {
                        if (item.Status != X509ChainStatusFlags.RevocationStatusUnknown &&
                            item.Status != X509ChainStatusFlags.OfflineRevocation)
                            break;

                        if (item.Status != X509ChainStatusFlags.NoError)
                        {
                            msg = msg + "\r\n -" + item.StatusInformation;
                            acceptCertificate = false;
                        }
                    }
                }
            }

            //If Validation failed, present message box
            if (acceptCertificate == false)
            {
                msg = msg + "\r\nDo you wish to override the security check?";
                //   if (MessageBox.Show(msg, "Security Alert: Server could not be validated",
                //      MessageBoxButtons.YesNo, MessageBoxIcon.Exclamation, MessageBoxDefaultButton.Button1) == DialogResult.Yes)
                acceptCertificate = true;
            }

            return acceptCertificate;
        }
    }
}
+0

This doesn't seem to work (though I can't see why), because it seems that ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback((sender, certificate, chain, policyErrors) => { return true; }); doesn't seem to work for me...

+0

I put a breakpoint in the delegate, which should be hit, shouldn't it?
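
An added example, not part of the thread above: assuming the request is sent with HttpClient (as the HttpRequestException in the question indicates), the certificate check can be set on HttpClientHandler.ServerCertificateCustomValidationCallback, which is available in .NET Standard 2.0, and it can pin the one self-signed certificate instead of returning true for everything. The class name PinnedHttp and the fingerprint placeholder are assumptions.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class (name is an assumption, not from the thread).
public static class PinnedHttp
{
    // Placeholder: SHA-256 of the server's DER-encoded certificate, as hex without separators.
    private const string PinnedSha256 = "<SHA256-HEX-OF-YOUR-SERVER-CERTIFICATE>";

    // Returns true only for a normally valid certificate, or for the pinned
    // self-signed certificate when the chain error is the only failure.
    public static bool Validate(X509Certificate2 cert, SslPolicyErrors errors, string pinnedHex)
    {
        if (cert == null)
            return false;

        // Certificates that already validate need no exception.
        if (errors == SslPolicyErrors.None)
            return true;

        // A self-signed certificate fails chain building. Any other flag
        // (name mismatch, no certificate presented) is never tolerated.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        using (var sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
            return string.Equals(actual, pinnedHex, StringComparison.OrdinalIgnoreCase);
        }
    }

    // Builds an HttpClient whose handler applies the pinned check per connection.
    public static HttpClient Create()
    {
        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => Validate(cert, errors, PinnedSha256)
        };
        return new HttpClient(handler);
    }
}
```

Because the check lives on the handler, it applies only to clients built by Create() and leaves certificate validation for the rest of the process unchanged.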