我想验证服务器颁发的证书是否有效,并提醒用户选择是否无法验证。目前似乎所有证书都被提琴手接受而没有提醒用户。有机制吗?也许在fiddler核心示例项目中找到的以下代码中。我想提醒用户使用不受信任的根目录的自签名证书。
static void CheckCert(object sender, ValidateServerCertificateEventArgs e)
{
if (null != e.ServerCertificate)
{
Console.WriteLine("Certificate for " + e.ExpectedCN + " was for site " + e.ServerCertificate.Subject + " and errors were " + e.CertificatePolicyErrors.ToString());
if (e.ServerCertificate.Subject.Contains("fiddler2.com"))
{
Console.WriteLine("Got a certificate for fiddler2.com. We'll say this is also good for any other site, like https://fiddlertool.com.");
e.ValidityState = CertificateValidity.ForceValid;
}
}
}
答案 0 :(得分:2)
默认情况下,除非您设置Fiddler.CONFIG.IgnoreServerCertErrors = true;
但是,这意味着FiddlerCore会拒绝自签名证书,并且由于FiddlerCore没有显示允许用户覆盖的UI,因此这是一个问题。
解决此问题的方法是使用实现证书验证事件处理程序:FiddlerApplication.OnValidateServerCertificate += new System.EventHandler<ValidateServerCertificateEventArgs>(CheckCert);
在处理程序内部,您可以执行以下操作:
private void CheckCert(object sender, ValidateServerCertificateEventArgs e)
{
if (SslPolicyErrors.None == e.CertificatePolicyErrors)
{
return;
}
DialogResult oResult = MessageBox.Show("Accept invalid certificate\nYOUR DETAILS HERE", "Certificate Warning", MessageBoxButtons.YesNo, MessageBoxIcon.Question, MessageBoxDefaultButton.Button2));
if (DialogResult.Yes == oResult)
{
e.ValidityState = CertificateValidity.ForceValid;
}
else
{
e.ValidityState = CertificateValidity.ForceInvalid;
}
您通常还希望缓存用户的选择,以避免在每个连接上提示它们。
有关详细信息,请参阅http://fiddler2.com/blog/blog/2013/01/03/evaluating-certificates-in-fiddler-and-fiddlercore,包括完整示例。