Question

我使用sslStream创建了一个客户端服务器套接字连接，但是当代码到达 AuthenticateAsServer 时，服务器上有一个例外我在网上搜索但是我找不到一个好的答案为什么呢发生。我在我的项目中制作了.pfx测试文件，并为它制作了一个简单的密码。我不知道问题是否来自档案。

该异常符合：sslStream.AuthenticateAsServer（certificate）;

基本例外是：对sspi的调用失败

内部异常是：客户端和服务器无法通信，因为它们没有通用算法

服务器有点长，我添加了异常发生的代码部分和所有客户端代码：

这是服务器：

 public void AcceptCallBack(IAsyncResult ar) 
        {
        //    clients.Add(new myClient(server.EndAccept(ar)));
        //    try
       //     {
                myClient c = new myClient();

               // Socket handle = (Socket)ar.AsyncState;
                TcpListener handle = (TcpListener)ar.AsyncState;
                byte[] buff=new byte[2048] ;
               // Socket hand = handle.EndAccept(out buff,ar);
                TcpClient hand = handle.EndAcceptTcpClient(ar);
                dowork.Set();
                c.tcp = hand;
                clients.Add(c);
               // hand.BeginReceive(c.buffer, 0, c.buffer.Length, SocketFlags.None, new AsyncCallback(receiveIDCallBack), c);
                using (SslStream sslStream = new SslStream(hand.GetStream()))
                {
                    sslStream.AuthenticateAsServer(certificate);
                    // ... Send and read data over the stream
                    sslStream.BeginWrite(buff,0,buff.Length,new AsyncCallback(sendCallBack),c);
                    count++;
                    sslStream.BeginRead(c.buffer,0,c.buffer.Length,new AsyncCallback(receiveIDCallBack),c);
                }
       //     }
         //   catch(Exception)
          //  {

         //   }
        }//end of acceptcallback function

这是客户：

using UnityEngine;
using System.Collections;
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
public class sslCode : MonoBehaviour {


   // private Socket _clientSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
    private byte[] _recieveBuffer = new byte[8142];

   static string server = "127.0.0.1";
    TcpClient client;

    public string message;
    public string receive;
    public string send;
    private void SetupServer()
    {
        try
        {

           // client.Connect(new IPEndPoint(IPAddress.Parse("127.0.0.1"), 1500));
            client = new TcpClient(server,1500);
            message = "connected";
        }
        catch (SocketException ex)
        {
            Debug.Log(ex.Message);
            message = ex.Message;
        }

       // _clientSocket.BeginReceive(_recieveBuffer, 0, _recieveBuffer.Length, SocketFlags.None, new AsyncCallback(ReceiveCallback), null);
        // Create a secure stream
        using (SslStream sslStream = new SslStream(client.GetStream(), false,
            new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
        {
            sslStream.AuthenticateAsClient(server);

            // ... Send and read data over the stream
            sslStream.BeginRead(_recieveBuffer, 0, _recieveBuffer.Length, new AsyncCallback(ReceiveCallback),null);
        }

    }

    private bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        throw new NotImplementedException();
    }// end of setup server

    private void ReceiveCallback(IAsyncResult AR)
    {
        //Check how much bytes are recieved and call EndRecieve to finalize handshake
        using (SslStream sslStream = new SslStream(client.GetStream(), false,
       new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
        {
            sslStream.AuthenticateAsClient(server);
            // ... Send and read data over the stream


            int recieved = sslStream.EndRead(AR);

            if (recieved <= 0)
                return;

            //Copy the recieved data into new buffer , to avoid null bytes
            byte[] recData = new byte[recieved];
            Buffer.BlockCopy(_recieveBuffer, 0, recData, 0, recieved);

            //Process data here the way you want , all your bytes will be stored in recData

            receive = Encoding.ASCII.GetString(recData);

            //Start receiving again
            sslStream.BeginRead(_recieveBuffer, 0, _recieveBuffer.Length, new AsyncCallback(ReceiveCallback), null);
        }
    }// end of receiveCallBack

    private void SendData(string dd)
    {
        using (SslStream sslStream = new SslStream(client.GetStream(), false,
       new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
        {
          sslStream.AuthenticateAsClient(server);

            // ... Send and read data over the stream

            byte[] data = Encoding.ASCII.GetBytes(dd);
            SocketAsyncEventArgs socketAsyncData = new SocketAsyncEventArgs();
            socketAsyncData.SetBuffer(data, 0, data.Length);
           sslStream.BeginWrite(data,0,data.Length,new AsyncCallback(sendcallback),null);
            send = dd;
            sslStream.BeginRead(_recieveBuffer, 0, _recieveBuffer.Length, new AsyncCallback(ReceiveCallback), null);
        }
    }

    private void sendcallback(IAsyncResult ar)
    {

    }// end of send data

这可能是vs或Windows选项中生成的证书文件的问题吗？

我在互联网上搜索了一下，我认为应该存在我用于证书文件的算法不匹配的可能性以及Windows 8.1可以理解的内容。我真的不知道......

vs让我为我的证书制作的算法是＆＃34; sha256RSA＆＃34;和＃34; sha1RSA＆＃34; 谢谢你的帮助

Answer 1

我在我的项目中制作了.pfx测试文件

这是一个大红旗。在不了解您使用的工具的情况下，最好的猜测是您创建了签名证书。它不适合密钥交换。此blog post涵盖的失败模式。

在不了解您的操作系统的情况下，我不得不猜测您使用的是Linux。在这种情况下this question应该有所帮助。如果这是一个错误的猜测，那么通过谷歌搜索“创建自签名证书，添加适当的关键字来选择您的操作系统和/或工具链来帮助自己。

Answer 2

谢谢我的朋友，我终于找到了问题。

代码需要一点编辑，但主要问题不是代码。

问题来自证书文件的工作方式。我刚刚生成了一个pfx文件并将其地址提供给下面的代码：

sslStream.AuthenticateAsServer(server);

但现在我在互联网选项中制作了pfx格式并将其导入到个人部分，然后将其导出到受信任的根部分，因此将生成仅包含该pfx文件的公钥的该pfx文件的cer格式。

所以现在代码运行得非常好。

ssl证书代码中的例外情况

2 个答案: