我正在创建一个需要加密连接的应用程序,并且遇到了问题。我从同一台计算机上运行客户端和服务器。如果我没有SSL连接(通过TCPClient和TCPListener,一切都很好。但是,使用SSLStream class一直给我SocketException 0x80004005“连接主动拒绝”。我一直在寻找其他帖子,我不能似乎找出了我的问题。
客户端:
private void okButton_Click(object sender, RoutedEventArgs e)
{
string serverCertName = COMPUTER_NAME;
string machineName = "127.0.0.1";
SslStream stream = runClient(machineName, serverCertName, int.Parse(clientPort.Text));
if (stream.CanWrite)
{
MessageBox.Show("We can write to the stream. We have a connection!");
}
splitFile(this.sourceName);
}
public static bool ValidateServerCertificate(
object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
{
return true;
}
//disallow communication with unauthenticated servers
return false;
}
public static SslStream runClient(string machineName, string serverName, int port)
{
//create client socket, machineName is the host running the server
//THIS IS WHERE EVERYTHING FAILS
TcpClient client = new TcpClient(machineName, port);
SslStream sslStream = new SslStream(client.GetStream(),
false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
//server should match that is on that server cert
try
{
sslStream.AuthenticateAsClient(serverName);
}
catch (AuthenticationException e)
{
if (e.InnerException != null)
{
}
client.Close();
return null;
}
//encode message as byte array for testing, etc
return sslStream;
}
服务器:
static X509Certificate serverCertificate = null;
private void Window_Loaded(object sender, RoutedEventArgs e)
{
IPAddress ip = IPAddress.Parse("127.0.0.1");
int port = 13000;
string certificate = COMPUTER_NAME;
runServer(ip, port, certificate);
}
/// Start the ssl tcp listener
public static void runServer(IPAddress ip, int port, string certificate)
{
serverCertificate = X509Certificate.CreateFromCertFile(certificate);
TcpListener listener = new TcpListener(IPAddress.Any, port);
listener.Start();
while (true)
{
TcpClient client = listener.AcceptTcpClient();
processClient(client);
}
}
//executes if a client has connected. Create the SslStream using the connected client's stream
static void processClient(TcpClient client)
{
SslStream sslStream = new SslStream(client.GetStream(), false);
//authenticate the server, but doesn't require the client to authenticate
try
{
sslStream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls, true);
//set timeouts to 5 seconds. Seems like a long time. If nothing happens after 5 sec it won't happen
sslStream.ReadTimeout = 5000;
sslStream.WriteTimeout = 5000;
string data = readMessage(sslStream);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
sslStream.Close();
client.Close();
return;
}
finally
{
sslStream.Close();
client.Close();
}
}
我对C#中的TCP / IP连接不熟悉,所以我完全有可能做一些愚蠢,错误或过于复杂的事情。我发现(通过堆栈溢出)SslStream是要走的路,但我似乎无法让它工作。有人有什么想法吗?我非常感谢你的帮助。
提前多多谢谢你!
答案 0 :(得分:1)
我认为您尝试作为客户端进行身份验证,但您的服务器未作为服务器进行身份验证。尝试并确保这种情况同时发生,并且应该可以正常工作。