我正在尝试与我的个人聊天服务器建立SSL/TLS连接。
我的代码段如下
public void StartAuthentication(XMPPConnection connection)
{
NetworkStream networkStream = new NetworkStream(connection._sock);
_sslStream = new SslStream(networkStream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(ClientCertificateSelectionCallback));
X509CertificateCollection collection = new X509CertificateCollection();
collection.Add(new X509Certificate(@"D:\ca-certs\AddTrust_External_Root.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\America_Online_Root_Certification_Authority_1.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\AOL_Member_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Baltimore_CyberTrust_Root.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\CAcert_Class3.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\CAcert_Root.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Deutsche_Telekom_Root_CA_2.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\DigiCertHighAssuranceCA-3.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\DigiCertHighAssuranceEVRootCA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Entrust.net_2048.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Entrust.net_Secure_Server_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Equifax_Secure_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Go_Daddy_Class_2_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\GTE_CyberTrust_Global_Root.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Microsoft_Internet_Authority_2010.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Microsoft_Secure_Server_Authority_2010.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\StartCom_Certification_Authority.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Thawte_Premium_Server_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Thawte_Primary_Root_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\ValiCert_Class_2_VA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class3_Extended_Validation_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Verisign_Class3_Primary_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_International_Server_Class_3_CA.pem"));
try
{
_sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
执行程序后
_sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);
主线程块。可能为此,ssl握手无法启动。现在告诉我为什么主线程块。感谢
答案 0 :(得分:1)
我不太了解C#,但是从AuthenticateAsClient的文档中,它在这里需要您使用的客户端证书来对SSL服务器进行身份验证。这些必须有私钥,否则你不能使用它们。但是,您用作证书的是受信任的根证书,它用于检查服务器的证书以及您没有私钥的位置。
也许您需要让自己更熟悉SSL的基础知识,例如:谁使用哪些证书以及为何等等。
答案 1 :(得分:-1)
X509Certificate2Collection certificates = new X509Certificate2Collection();
certificates.Import(**uri**, **CertPass**, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
ServicePointManager.ServerCertificateValidationCallback = (a, b, c, d) => true;
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(host);
req.AllowAutoRedirect = true;
req.ClientCertificates = certificates;
req.Method = "GET";
req.ContentType = "application/x-www-form-urlencoded";
WebResponse resp = req.GetResponse();
var html = new StreamReader(resp.GetResponseStream()).ReadToEnd();