Why is this SSL exchange failing?

Time: 2017-05-31 20:47:27

Tags: c# .net ssl certificate ssl-certificate

I have a C# server that accepts SSL connections. The code boils down to:

// standard accept loop
TcpClient tcpClient = httpListener.AcceptTcpClient();
// ... create a thread

// ... each thread
SslStream sslStream = new SslStream(tcpClient.GetStream());
sslStream.AuthenticateAsServer(cert);
// ... read from / write to sslStream

This works for most clients. However, if the client is Android, the AuthenticateAsServer call fails with an exception:

System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: An unknown error occurred while processing the certificate.

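The odd thing is that I use exactly the same certificate when the Android client connects as when any other client connects.

I got a network trace of the failed connection attempt, but I am out of my depth when it comes to interpreting this trace. Can someone help me understand what is going on below?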

System.Net.Sockets Information: 0 : [23040] Socket#42931033 - Accepted connection from 192.168.0.25:48171 to 192.168.0.20:443.
System.Net.Sockets Verbose: 0 : [23040] Exiting Socket#62407605::Accept()   -> Socket#42931033
System.Net.Sockets Verbose: 0 : [23040] TcpClient#39053774::TcpClient(Socket#42931033)
System.Net.Sockets Verbose: 0 : [23040] Exiting TcpClient#39053774::TcpClient() 
System.Net.Sockets Verbose: 0 : [23040] Exiting TcpListener#65849037::AcceptTcpClient()     -> TcpClient#39053774
System.Net.Sockets Verbose: 0 : [23040] TcpListener#65849037::AcceptTcpClient()
System.Net.Sockets Verbose: 0 : [23040] Socket#62407605::Accept()
System.Net.Sockets Verbose: 0 : [29340] TcpClient#39053774::GetStream()
System.Net.Sockets Verbose: 0 : [29340] Exiting TcpClient#39053774::GetStream()     -> NetworkStream#15257950
System.Net Information: 0 : [29340] SecureChannel#21857373::.ctor(hostname=?124, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [29340] Enumerating security packages:
System.Net Information: 0 : [29340]     Negotiate
System.Net Information: 0 : [29340]     NegoExtender
System.Net Information: 0 : [29340]     Kerberos
System.Net Information: 0 : [29340]     NTLM
System.Net Information: 0 : [29340]     TSSSP
System.Net Information: 0 : [29340]     pku2u
System.Net Information: 0 : [29340]     CloudAP
System.Net Information: 0 : [29340]     WDigest
System.Net Information: 0 : [29340]     Schannel
System.Net Information: 0 : [29340]     Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [29340]     Default TLS SSP
System.Net Information: 0 : [29340]     CREDSSP
System.Net.Sockets Verbose: 0 : [29340] Socket#42931033::Receive()
System.Net.Sockets Verbose: 0 : [29340] Data from Socket#42931033::Receive
System.Net.Sockets Verbose: 0 : [29340] 00000000 : 16 03 01 00 87                                  : .....
System.Net.Sockets Verbose: 0 : [29340] Exiting Socket#42931033::Receive()  -> Int32#5
System.Net.Sockets Verbose: 0 : [29340] Socket#42931033::Receive()
System.Net.Sockets Verbose: 0 : [29340] Data from Socket#42931033::Receive
System.Net.Sockets Verbose: 0 : [29340] 00000005 : 01 00 00 83 03 03 61 10-FE 4F AD 7C 09 0F 95 D8 : ......a..O.|....
System.Net.Sockets Verbose: 0 : [29340] 00000015 : EC 58 12 FE ED 52 50 71-FC 1D 89 5F 95 D8 B7 34 : .X...RPq..._...4
System.Net.Sockets Verbose: 0 : [29340] 00000025 : F8 60 D9 89 33 80 00 00-1E C0 2B C0 2C CC A9 C0 : .`..3.....+.,...
System.Net.Sockets Verbose: 0 : [29340] 00000035 : 2F C0 30 CC A8 C0 09 C0-0A C0 13 C0 14 00 9C 00 : /.0.............
System.Net.Sockets Verbose: 0 : [29340] 00000045 : 9D 00 2F 00 35 00 0A 01-00 00 3C FF 01 00 01 00 : ../.5.....<.....
System.Net.Sockets Verbose: 0 : [29340] 00000055 : 00 17 00 00 00 0D 00 14-00 12 04 03 08 04 04 01 : ................
System.Net.Sockets Verbose: 0 : [29340] 00000065 : 05 03 08 05 05 01 08 06-06 01 02 01 00 05 00 05 : ................
System.Net.Sockets Verbose: 0 : [29340] 00000075 : 01 00 00 00 00 00 0B 00-02 01 00 00 0A 00 08 00 : ................
System.Net.Sockets Verbose: 0 : [29340] 00000085 : 06 00 1D 00 17 00 18                            : .......
System.Net.Sockets Verbose: 0 : [29340] Exiting Socket#42931033::Receive()  -> Int32#135
System.Net Information: 0 : [29340] SecureChannel#21857373 - Locating the private key for the certificate: [Version]
  V3

[Subject]
  CN=192.168.0.20
  Simple Name: 192.168.0.20
  DNS Name: 192.168.0.20

[Issuer]
  CN=SelfSignedCertNNN
  Simple Name: SelfSignedCertNNN
  DNS Name: SelfSignedCertNNN

[Serial Number]
  148326605B6053F1FD62A9CA2B736DB3

[Not Before]
  12/15/2012 12:00:00 AM

[Not After]
  12/15/2022 12:00:00 AM

[Thumbprint]
  4E661D22C762F65478DE1215CF8D19AEBEFF5688

[Signature Algorithm]
  sha1RSA(1.2.840.113549.1.1.5)

[Public Key]
  Algorithm: RSA
  Length: 1024
  Key Blob: 30 81 89 02 81 81 00 d1 80 fc 38 5f 92 a5 ab a8 e0 ab f2 43 ab 53 4c c4 af c4 be 94 8a 03 dc 28 74 32 3c ef 65 34 e7 d0 f8 84 93 73 de b7 f0 01 bc 79 84 fb 0e 5f 27 68 17 98 be 1c 3a bf 57 09 f4 54 e6 ea 53 59 fe 8d 0d fc 0b d2 c9 70 1c dd 08 c9 f2 b5 ba 71 fa 4f 18 bf 9d 35 d1 1e 68 34 0d 35 e9 1f ca b0 ec e5 02 a1 8d 9a 4c a3 f9 4b d3 7e ad 75 bb 45 73 11 05 0e 33 61 b6 49 3e 84 04 06 f7 05 65 b8 b9 02 03 01 00 01
  Parameters: 05 00

[Extensions]
* Subject Key Identifier(2.5.29.14):
  ....
System.Net Information: 0 : [29340] SecureChannel#21857373 - Found the certificate in the CurrentUser store.
System.Net Information: 0 : [29340] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Inbound, scc     = System.Net.SecureCredential)
System.Net Information: 0 : [29340] AcceptSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, AcceptStream)
System.Net Information: 0 : [29340] AcceptSecurityContext(In-Buffer length=140, Out-Buffer length=825, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [29340] Socket#42931033::Send()
System.Net.Sockets Verbose: 0 : [29340] Data from Socket#42931033::Send
System.Net.Sockets Verbose: 0 : [29340] 00000000 : 16 03 01 03 34 02 00 00-51 03 01 59 2F 1E F6 A4 : ....4...Q..Y/...
System.Net.Sockets Verbose: 0 : [29340] 00000010 : 03 8C 42 E3 9F 42 6F BE-48 ED 52 22 50 FB E2 49 : ..B..Bo.H.R"P..I
System.Net.Sockets Verbose: 0 : [29340] 00000020 : 62 CE 69 EC 40 53 43 56-56 1F E2 20 3D 0E 00 00 : b.i.@SCVV.. =...
System.Net.Sockets Verbose: 0 : [29340] 00000030 : 22 62 47 95 70 55 1F D8-5B 60 69 7C D5 6E A5 34 : "bG.pU..[`i|.n.4
System.Net.Sockets Verbose: 0 : [29340] 00000040 : 39 C9 AC 6C E8 FB E0 96-71 29 58 DA C0 14 00 00 : 9..l....q)X.....
System.Net.Sockets Verbose: 0 : [29340] 00000050 : 09 00 17 00 00 FF 01 00-01 00 0B 00 02 2D 00 02 : .............-..
System.Net.Sockets Verbose: 0 : [29340] 00000060 : 2A 00 02 27 30 82 02 23-30 82 01 8C A0 03 02 01 : *..'0..#0.......
System.Net.Sockets Verbose: 0 : [29340] 00000070 : 02 02 10 14 83 26 60 5B-60 53 F1 FD 62 A9 CA 2B : .....&`[`S..b..+
System.Net.Sockets Verbose: 0 : [29340] 00000080 : 73 6D B3 30 0D 06 09 2A-86 48 86 F7 0D 01 01 05 : sm.0...*.H......
System.Net.Sockets Verbose: 0 : [29340] 00000090 : 05 00 30 1C 31 1A 30 18-06 03 55 04 03 13 11 53 : ..0.1.0...U....S
System.Net.Sockets Verbose: 0 : [29340] 000000A0 : 65 6C 66 53 69 67 6E 65-64 43 65 72 74 4E 4E 4E : elfSignedCertNNN
System.Net.Sockets Verbose: 0 : [29340] 000000B0 : 30 1E 17 0D 31 32 31 32-31 35 30 35 30 30 30 30 : 0...121215050000
System.Net.Sockets Verbose: 0 : [29340] 000000C0 : 5A 17 0D 32 32 31 32 31-35 30 35 30 30 30 30 5A : Z..221215050000Z
System.Net.Sockets Verbose: 0 : [29340] 000000D0 : 30 17 31 15 30 13 06 03-55 04 03 13 0C 31 39 32 : 0.1.0...U....192
System.Net.Sockets Verbose: 0 : [29340] 000000E0 : 2E 31 36 38 2E 30 2E 32-30 30 81 9F 30 0D 06 09 : .168.0.200..0...
System.Net.Sockets Verbose: 0 : [29340] 000000F0 : 2A 86 48 86 F7 0D 01 01-01 05 00 03 81 8D 00 30 : *.H............0
System.Net.Sockets Verbose: 0 : [29340] 00000100 : 81 89 02 81 81 00 D1 80-FC 38 5F 92 A5 AB A8 E0 : .........8_.....
System.Net.Sockets Verbose: 0 : [29340] 00000110 : AB F2 43 AB 53 4C C4 AF-C4 BE 94 8A 03 DC 28 74 : ..C.SL........(t
System.Net.Sockets Verbose: 0 : [29340] 00000120 : 32 3C EF 65 34 E7 D0 F8-84 93 73 DE B7 F0 01 BC : 2<.e4.....s.....
System.Net.Sockets Verbose: 0 : [29340] 00000130 : 79 84 FB 0E 5F 27 68 17-98 BE 1C 3A BF 57 09 F4 : y..._'h....:.W..
System.Net.Sockets Verbose: 0 : [29340] 00000140 : 54 E6 EA 53 59 FE 8D 0D-FC 0B D2 C9 70 1C DD 08 : T..SY.......p...
System.Net.Sockets Verbose: 0 : [29340] 00000150 : C9 F2 B5 BA 71 FA 4F 18-BF 9D 35 D1 1E 68 34 0D : ....q.O...5..h4.
System.Net.Sockets Verbose: 0 : [29340] 00000160 : 35 E9 1F CA B0 EC E5 02-A1 8D 9A 4C A3 F9 4B D3 : 5..........L..K.
System.Net.Sockets Verbose: 0 : [29340] 00000170 : 7E AD 75 BB 45 73 11 05-0E 33 61 B6 49 3E 84 04 : ~.u.Es...3a.I>..
System.Net.Sockets Verbose: 0 : [29340] 00000180 : 06 F7 05 65 B8 B9 02 03-01 00 01 A3 6B 30 69 30 : ...e........k0i0
System.Net.Sockets Verbose: 0 : [29340] 00000190 : 1D 06 03 55 1D 0E 04 16-04 14 33 EE 93 24 03 EF : ...U......3..$..
System.Net.Sockets Verbose: 0 : [29340] 000001A0 : 08 F5 79 E0 F8 97 18 9A-71 49 96 8E 9C 1C 30 0B : ..y.....qI....0.
System.Net.Sockets Verbose: 0 : [29340] 000001B0 : 06 03 55 1D 0F 04 04 03-02 01 06 30 09 06 03 55 : ..U........0...U
System.Net.Sockets Verbose: 0 : [29340] 000001C0 : 1D 13 04 02 30 00 30 1F-06 03 55 1D 23 04 18 30 : ....0.0...U.#..0
System.Net.Sockets Verbose: 0 : [29340] 000001D0 : 16 80 14 2F 3A D4 36 7D-3D C9 39 65 AD 7A 7D 34 : .../:.6}=.9e.z}4
System.Net.Sockets Verbose: 0 : [29340] 000001E0 : 02 B7 76 B5 6C 0F 9D 30-0F 06 03 55 1D 11 04 08 : ..v.l..0...U....
System.Net.Sockets Verbose: 0 : [29340] 000001F0 : 30 06 87 04 C0 A8 00 14-30 0D 06 09 2A 86 48 86 : 0.......0...*.H.
System.Net.Sockets Verbose: 0 : [29340] 00000200 : F7 0D 01 01 05 05 00 03-81 81 00 56 DF AE F1 A4 : ...........V....
System.Net.Sockets Verbose: 0 : [29340] 00000210 : CD EE EA F6 69 98 B0 3B-14 EB 51 2F 71 90 65 31 : ....i..;..Q/q.e1
System.Net.Sockets Verbose: 0 : [29340] 00000220 : 4C 4C F6 17 9D 9D 72 72-8C EC 72 DC FA C8 57 20 : LL....rr..r...W 
System.Net.Sockets Verbose: 0 : [29340] 00000230 : 5F 20 33 5D 5A C1 94 8C-FA 41 D6 60 7C D9 18 D3 : _ 3]Z....A.`|...
System.Net.Sockets Verbose: 0 : [29340] 00000240 : 7B C3 FC F8 E5 BA BC 29-69 C3 62 B8 1C F0 AA 4C : {......)i.b....L
System.Net.Sockets Verbose: 0 : [29340] 00000250 : AA DA 70 F1 5C EA 67 B2-E9 4F 06 DB CE BF 7D 28 : ..p.\.g..O....}(
System.Net.Sockets Verbose: 0 : [29340] 00000260 : B1 78 AB 89 D9 D8 62 65-8E 77 75 A4 11 21 DD D8 : .x....be.wu..!..
System.Net.Sockets Verbose: 0 : [29340] 00000270 : E4 A3 9A 88 10 C3 FD 6A-7B 87 90 C4 B9 29 79 0C : .......j{....)y.
System.Net.Sockets Verbose: 0 : [29340] 00000280 : FA 55 66 24 4B 70 E8 6D-01 6A F5 0C 00 00 A6 03 : .Uf$Kp.m.j......
System.Net.Sockets Verbose: 0 : [29340] 00000290 : 00 1D 20 4A EB B4 A5 F2-52 05 3D 13 81 2D 90 97 : .. J....R.=..-..
System.Net.Sockets Verbose: 0 : [29340] 000002A0 : 22 61 A3 AD 1A E4 DD 74-A5 F0 25 6D 0A 4B 73 94 : "a.....t..%m.Ks.
System.Net.Sockets Verbose: 0 : [29340] 000002B0 : 1A CF 2D 00 80 1E 37 33-B5 D6 72 16 B8 7D 01 7B : ..-...73..r..}.{
System.Net.Sockets Verbose: 0 : [29340] 000002C0 : E0 AC 38 4B A2 11 DC EE-1B F3 B8 C7 91 FE D7 42 : ..8K...........B
System.Net.Sockets Verbose: 0 : [29340] 000002D0 : DB B4 41 23 6B 59 09 1E-C4 DB 62 FE 4D E0 42 A4 : ..A#kY....b.M.B.
System.Net.Sockets Verbose: 0 : [29340] 000002E0 : 52 0E 65 04 DA 5C 32 4E-FC DB A4 BA 50 7C D6 35 : R.e..\2N....P|.5
System.Net.Sockets Verbose: 0 : [29340] 000002F0 : 27 D7 89 FB B0 D1 6F 0C-24 2C 2E 55 B4 C1 18 A8 : '.....o.$,.U....
System.Net.Sockets Verbose: 0 : [29340] 00000300 : 01 15 F7 9D 86 8F 24 EB-5B 2C 83 5D A2 D3 7B DD : ......$.[,.]..{.
System.Net.Sockets Verbose: 0 : [29340] 00000310 : 83 47 B1 0A AC D6 01 4C-3B 38 BC 32 F0 FB AA 49 : .G.....L;8.2...I
System.Net.Sockets Verbose: 0 : [29340] 00000320 : 2C 67 BD A4 A1 7A 8E 39-1F B0 1C 15 19 A5 B4 0A : ,g...z.9........
System.Net.Sockets Verbose: 0 : [29340] 00000330 : 85 54 3C C7 4E 0E 00 00-00                      : .T<.N....
System.Net.Sockets Verbose: 0 : [29340] Exiting Socket#42931033::Send()     -> Int32#825
System.Net.Sockets Verbose: 0 : [29340] Socket#42931033::Receive()
System.Net.Sockets Verbose: 0 : [29340] Data from Socket#42931033::Receive
System.Net.Sockets Verbose: 0 : [29340] 00000000 : 15 03 01 00 02                                  : .....
System.Net.Sockets Verbose: 0 : [29340] Exiting Socket#42931033::Receive()  -> Int32#5
System.Net.Sockets Verbose: 0 : [29340] Socket#42931033::Receive()
System.Net.Sockets Verbose: 0 : [29340] Data from Socket#42931033::Receive
System.Net.Sockets Verbose: 0 : [29340] 00000005 : 02 2E                                           : ..
System.Net.Sockets Verbose: 0 : [29340] Exiting Socket#42931033::Receive()  -> Int32#2
System.Net Information: 0 : [29340] AcceptSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 23bda9238f0:16f928a5c40, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, AcceptStream)
System.Net Information: 0 : [29340] AcceptSecurityContext(In-Buffer length=7, Out-Buffer length=0, returned code=CertUnknown).
Exception thrown: 'System.Security.Authentication.AuthenticationException' in System.dll
The thread 0x729c has exited with code 0 (0x0).

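It looks like 3 packets are exchanged before I get the exception:

  1. The client sends 135 bytes to my server (starting the SSL handshake?)

  2. The server responds with 825 bytes, including the server's SSL certificate and some other bytes I don't understand.

  3. The client sends 7 bytes, which causes my server to hit the AuthenticationException.

If it matters, my code is running on 64-bit Windows 10 with .NET 4.0 (not 4.6). The certificate chain has two certificates (a self-signed certificate, which is then used to sign the end-entity certificate).

Can you help me understand what is being sent between Android and my server that causes the AuthenticationException?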
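
The three messages listed in the question can be decoded from the hex bytes in the trace using the TLS record layout from RFC 5246. The following Python code is an added example, not part of the original post; `decode_record` and the lookup tables are hypothetical helper names that cover only the values needed for this trace.

```python
import struct

# Subsets of the RFC 5246 registries, enough for the records in the trace.
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done"}
VERSION = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
LEVEL = {1: "warning", 2: "fatal"}
ALERT = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
         44: "certificate_revoked", 45: "certificate_expired",
         46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version"}
SUITE = {0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}

def decode_record(data: bytes) -> dict:
    """Decode a TLS record header and the start of its (possibly truncated) payload."""
    if len(data) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, ver, length = struct.unpack("!BHH", data[:5])
    out = {"type": CONTENT.get(ctype, f"unknown({ctype})"),
           "record_version": VERSION.get(ver, hex(ver)), "length": length}
    body = data[5:5 + length]
    if ctype == 21 and len(body) >= 2:          # alert: level, description
        out["level"] = LEVEL.get(body[0], str(body[0]))
        out["description"] = ALERT.get(body[1], f"alert({body[1]})")
    elif ctype == 22 and len(body) >= 6:        # handshake: type, 3-byte length
        out["handshake"] = HANDSHAKE.get(body[0], f"type({body[0]})")
        out["handshake_length"] = int.from_bytes(body[1:4], "big")
        if body[0] in (1, 2):                   # both hellos start with a version
            hv = int.from_bytes(body[4:6], "big")
            out["hello_version"] = VERSION.get(hv, hex(hv))
        if body[0] == 2 and len(body) > 38:     # ServerHello: skip random + session id
            pos = 39 + body[38]
            if len(body) >= pos + 2:
                cs = int.from_bytes(body[pos:pos + 2], "big")
                out["cipher_suite"] = SUITE.get(cs, hex(cs))
    return out

# Bytes copied from the trace; the 825-byte server flight is cut off after the
# ServerHello's cipher suite, which is all the decoder reads from it.
CLIENT_HELLO = bytes.fromhex("16 03 01 00 87 01 00 00 83 03 03")
SERVER_FLIGHT = bytes.fromhex(
    "16 03 01 03 34 02 00 00 51 03 01 59 2F 1E F6 A4 03 8C 42 E3 9F 42 6F BE 48 ED 52 22"
    "50 FB E2 49 62 CE 69 EC 40 53 43 56 56 1F E2 20 3D 0E 00 00 22 62 47 95 70 55 1F D8"
    "5B 60 69 7C D5 6E A5 34 39 C9 AC 6C E8 FB E0 96 71 29 58 DA C0 14 00 00")
CLIENT_ALERT = bytes.fromhex("15 03 01 00 02 02 2E")

if __name__ == "__main__":
    for name, rec in [("client", CLIENT_HELLO), ("server", SERVER_FLIGHT), ("client", CLIENT_ALERT)]:
        print(name, decode_record(rec))
```

On these bytes it reports a ClientHello offering TLS 1.2, a ServerHello selecting TLS 1.0 with TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, and a 2-byte alert from the client with level fatal and description certificate_unknown (46).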

0 answers:

No answers