2017-11-11 236 views
0

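Self-signed certificates in .NET Standard 2.0

My question is specifically about .NET Standard 2.0, because the same code seems to work on .NET Framework, for reasons I'm not entirely sure of.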

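The problem is that I want to make an HTTP request to a server that uses a self-signed certificate. In .NET Framework (specifically 4.6.1), the way around this is to use: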

ServicePointManager.ServerCertificateValidationCallback = CustomValidation;

// Accepts every server certificate, whatever errors policyErrors reports.
public static bool CustomValidation(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors policyErrors)
{
    return true;
}

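This solves the problem. However, doing the same in .NET Standard seems to compile, but the same error (WinHttpException - A security error occurred) still occurs:

System.AggregateException
HResult = 0x80131500
Message = One or more errors occurred. (An error occurred while sending the request.)
Source =
StackTrace:
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at matrix_tester.Program.Main(String[] args) in C:\

Inner Exception 1:
HttpRequestException: An error occurred while sending the request.

Inner Exception 2:
WinHttpException: A security error occurred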

I'm at my wits' end here. Is ServicePointManager not usable in .NET Standard?

+0

Did you find any solution for bypassing self-signed certificates with .NET Standard 2.0?

Answer

0

ServicePointManager should be available in 2.0.

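Disclaimer: I don't know why your code doesn't work. When I need to accept certificates automatically, I always use a hack. It works in 2.0. But keep in mind that this script accepts all self-signed certificates, which is a security violation. Use at your own discretion. It is a singleton class. Just put this at the beginning of your program, like so: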

Certificates.Instance.GetCertificatesAutomatically(); 

It should work in your program. Hope it helps you move forward.

using System;
using System.Collections.Generic;
using System.Security;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography;
using System.Net.Security;

namespace test
{
    public sealed class Certificates
    {
        private static Certificates instance = null;
        private static readonly object padlock = new object();

        Certificates()
        {
        }

        public static Certificates Instance
        {
            get
            {
                lock (padlock)
                {
                    if (instance == null)
                    {
                        instance = new Certificates();
                    }
                    return instance;
                }
            }
        }

        // Registers a callback that accepts every server certificate,
        // whatever policy errors are reported.
        public void GetCertificatesAutomatically()
        {
            ServicePointManager.ServerCertificateValidationCallback +=
                new RemoteCertificateValidationCallback((sender, certificate, chain, policyErrors)
                    => { return true; });
        }

        // This method is not registered anywhere in the class; only the lambda above is.
        private static bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            //Return true if the server certificate is ok
            if (sslPolicyErrors == SslPolicyErrors.None)
                return true;

            bool acceptCertificate = true;
            string msg = "The server could not be validated for the following reason(s):\r\n";

            //The server did not present a certificate
            if ((sslPolicyErrors &
                SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable)
            {
                msg = msg + "\r\n -The server did not present a certificate.\r\n";
                acceptCertificate = false;
            }
            else
            {
                //The certificate does not match the server name
                if ((sslPolicyErrors &
                    SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch)
                {
                    msg = msg + "\r\n -The certificate name does not match the authenticated name.\r\n";
                    acceptCertificate = false;
                }

                //There is some other problem with the certificate
                if ((sslPolicyErrors &
                    SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.RemoteCertificateChainErrors)
                {
                    foreach (X509ChainStatus item in chain.ChainStatus)
                    {
                        if (item.Status != X509ChainStatusFlags.RevocationStatusUnknown &&
                            item.Status != X509ChainStatusFlags.OfflineRevocation)
                            break;

                        if (item.Status != X509ChainStatusFlags.NoError)
                        {
                            msg = msg + "\r\n -" + item.StatusInformation;
                            acceptCertificate = false;
                        }
                    }
                }
            }

            //If Validation failed, present message box
            if (acceptCertificate == false)
            {
                msg = msg + "\r\nDo you wish to override the security check?";
                //   if (MessageBox.Show(msg, "Security Alert: Server could not be validated",
                //      MessageBoxButtons.YesNo, MessageBoxIcon.Exclamation, MessageBoxDefaultButton.Button1) == DialogResult.Yes)
                // With the prompt commented out, the override below is unconditional.
                acceptCertificate = true;
            }

            return acceptCertificate;
        }
    }
}
+0

This doesn't seem to work (though I can't see why), because it seems that ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback((sender, certificate, chain, policyErrors) => { return true; }); doesn't seem to work for me...

+0

I put a breakpoint in the delegate; it should get hit, shouldn't it?
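
A narrower alternative to the accept-everything callbacks in the question and answer, added here as an example and not code from either post: it keeps the same callback signature but accepts a failing chain only when the certificate's SHA-256 hash equals one pinned value. The class name `PinnedCertificateValidation` and the `PinnedSha256` placeholder are assumptions; the placeholder stands for the hash of your own server's certificate.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class (not from the page).
public static class PinnedCertificateValidation
{
    // Placeholder: SHA-256 of the server certificate's DER bytes, as hex without separators.
    private const string PinnedSha256 = "<SHA256-HEX-OF-YOUR-SERVER-CERTIFICATE>";

    // Call once at program start, in place of the "return true" callback.
    public static void Register()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors policyErrors)
    {
        // A certificate that validates normally needs no exception.
        if (policyErrors == SslPolicyErrors.None)
            return true;

        // No certificate, or one issued for a different host name: always reject.
        if (certificate == null ||
            (policyErrors & (SslPolicyErrors.RemoteCertificateNotAvailable |
                             SslPolicyErrors.RemoteCertificateNameMismatch)) != 0)
            return false;

        // Only chain errors remain, which is what a self-signed certificate produces.
        // Accept it only if it is exactly the certificate that was pinned.
        string actual = Sha256Hex(certificate.GetRawCertData());
        return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    // Hex-encoded SHA-256 of the given bytes, uppercase, no separators.
    public static string Sha256Hex(byte[] data)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
    }
}
```

Any certificate other than the pinned one, including another self-signed certificate presented by an interceptor, still fails validation.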