2011-09-22 107 views
4

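I want to establish an SSL connection, but I don't really know everything about the SSL handshake rules and life cycle. I wrote some code. Why is the remoteCertificate parameter empty in the LocalCertificateSelectionCallback method?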

void main()
{
    TcpClient client = new TcpClient("192.168.1.160", 4113);
    SslStream sslStream = new SslStream(
        client.GetStream(),
        false,
        new RemoteCertificateValidationCallback(ValidateServerCertificate),
        new LocalCertificateSelectionCallback(localCertSelection)
    );
    sslStream.AuthenticateAsClient(serverName);
}

public X509Certificate localCertSelection(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
{
    // why here 'remoteCertificate' parameter is empty? 'acceptableIssuers' and 'localCertificates' too
    string cert = "MIIEwjCCA6qgAwIBAgIBADANBgkqhkiG9w...";
    X509Certificate clientCert = new X509Certificate(System.Text.Encoding.ASCII.GetBytes(cert));
    return clientCert;
}

public bool ValidateServerCertificate(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    // 'certificate' has data now. it has come from server
    if (sslPolicyErrors == SslPolicyErrors.None)
        return true;

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

    // Do not allow this client to communicate with unauthenticated servers.
    return false;
}

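When I run the code, the program flow first goes to the 'localCertSelection' method and then to the 'ValidateServerCertificate' method. In the 'localCertSelection' method, 'remoteCertificate' is empty, but in the 'ValidateServerCertificate' method, 'certificate' has data. It has come from the server, but why is 'sslPolicyErrors' 'RemoteCertificateNameMismatch | RemoteCertificateChainErrors'? What is wrong? What must I do?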

Answers

0

If your "server name" is wrong, you may get the RemoteCertificateNameMismatch error. I mean in

sslStream.AuthenticateAsClient(serverName); 

that server name must be "192.168.1.160", the same as in

TcpClient client = new TcpClient("192.168.1.160", 4113); 

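RemoteCertificateChainErrors occurs if something is wrong with the root certificate. When you create the certificate, you must put the proper host in the CN, CN = 192.168.1.160. Don't forget to import your root certificate into "Trusted Root Certification Authorities".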
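
A diagnostic variant of the client from the question, as an added example that is not part of the original post or answer: it passes the same host to TcpClient and AuthenticateAsClient, tolerates a null remoteCertificate in the selection callback, and prints each chain status so the cause of RemoteCertificateChainErrors is visible. The class name, method names and console messages are assumptions; the host and port are the ones from the question.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class SslClientDiagnostics   // hypothetical name, for illustration only
{
    // Values from the question; the server certificate must name this host.
    const string Host = "192.168.1.160";
    const int Port = 4113;

    static void Main()
    {
        using (var client = new TcpClient(Host, Port))
        using (var ssl = new SslStream(client.GetStream(), false, ValidateServer, SelectLocal))
        {
            // targetHost is the name the server certificate is compared against.
            ssl.AuthenticateAsClient(Host);
            Console.WriteLine("Authenticated: {0}", ssl.IsAuthenticated);
        }
    }

    static X509Certificate SelectLocal(object sender, string targetHost,
        X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
        string[] acceptableIssuers)
    {
        // remoteCertificate can be null here, as the question observes; never dereference it blindly.
        Console.WriteLine("Select: remote={0}, issuers={1}",
            remoteCertificate == null ? "(none yet)" : remoteCertificate.Subject,
            acceptableIssuers == null ? 0 : acceptableIssuers.Length);
        // Offer the first certificate passed to AuthenticateAsClient, or none.
        return localCertificates != null && localCertificates.Count > 0 ? localCertificates[0] : null;
    }

    static bool ValidateServer(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.WriteLine("Policy errors: {0}", errors);
        if (certificate != null) Console.WriteLine("Subject: {0}", certificate.Subject);
        // List every chain problem (untrusted root, expired, and so on).
        if ((errors & SslPolicyErrors.RemoteCertificateChainErrors) != 0 && chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain: {0} - {1}", s.Status, s.StatusInformation.Trim());
        return false; // keep rejecting; fix the certificate name or the trust store instead
    }
}
```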
