1
我有2个由相同证书颁发机构颁发的客户端身份验证证书。其中一人让我连接到一个HTTPS web服务,但其他没有,当我使用类似下面的代码:SSL握手超时
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(endPointUrl);
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.MaxAllowed);
X509CertificateCollection col = (X509CertificateCollection)store.Certificates.Find(X509FindType.FindBySerialNumber, certificateSerialNumber, true);
httpWebRequest.ClientCertificates.Add(col[0]);
httpWebRequest.Method = "POST";
httpWebRequest.ContentType = contentType;
httpWebRequest.KeepAlive = false;
httpWebRequest.Timeout = 3000;
httpWebRequest.ContentLength = message.Length;
httpRequestStream = httpWebRequest.GetRequestStream();
当试图获得请求的流,我得到一个InvalidOperationException与消息“操作已超时“。
我在尝试连接失败的证书时使用了System.Net.trace,并且日志在“尝试使用用户提供的证书重新启动会话”和第一个InitializeSecurityContext之后显示连接超时。
Wireshark的显示如下内容:
"TCP","j-link > https [SYN] Seq=0 Win=65535 Len=0 MSS=1260 SACK_PERM=1"
"TCP","https > j-link [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=1380"
"TCP","j-link > https [ACK] Seq=1 Ack=1 Win=65535 Len=0"
"TLSv1","Client Hello"
"TLSv1","Server Hello"
"TCP","[TCP segment of a reassembled PDU]"
"TCP","j-link > https [ACK] Seq=78 Ack=2521 Win=65535 Len=0"
"TLSv1","Certificate, Certificate Request, Server Hello Done"
"TCP","j-link > https [ACK] Seq=78 Ack=3187 Win=64869 Len=0"
"TCP","j-link > https [FIN, ACK] Seq=78 Ack=3187 Win=64869 Len=0"
"TCP","https > j-link [ACK] Seq=3187 Ack=79 Win=32768 Len=0"
"TLSv1","Alert (Level: Warning, Description: Close Notify)"
"TCP","j-link > https [RST, ACK] Seq=79 Ack=3194 Win=0 Len=0"
我可以导出它们,并将它们转换为PEM格式之后,使用两个证书使用OpenSSL从命令行连接。
任何建议将不胜感激。