Question

我的软件使用HTTPS连接连接到Dropbox，以便检索一些敏感数据。

我使用以下代码固定Dropbox公钥

ServicePointManager.ServerCertificateValidationCallback = PinPublicKey;
private static readonly List<string> AllowedPublicKeys = new List<string>
        {
            "3082010A0282010100EEAE8C9A3A274355F04A25F35B43EF9F12B37BDCDE39076C1BCD66C58D8CA236C7413A46DD7B0EF7BBB414E60DE093B8870555CF01BB61F6EC821637B1093F120B8E282B725A69914DCE1B6455AB61C88DD6220259172A0566D38DCDD571A6EE6283C29464BC3A775537C66F1B30F028134D9411C890FC676D1059A54CA0E3E308529FAC6E4010D3C7D243220D9D7766A0245EB76ED9D413340A6D0C0AC605BD5AF41EB74E25587CFBE2A64A3947498660BE5346B011CB93C33D1BB905031ACDA017FAE17F9885002ED56218AAB824344024A2938E472087C1E4DECD3DD02A76BF965D626FA8AE142B34789399A3CB3D28D2A9BE2D3F13138BE36C319113BDA90203010001",

            "3082010A0282010100D169E87071F5C91C8E552563EE5A9519297425DDFCB620482F3D0D61FB85B834766EC93D87BB9EAFF99785BDCE118A85D52A144B7C8C601CCF020714FD34B99793635498917F6F6E2F90ECBF0E6E37E80456054BC00B18D6A06E71F3E713B8A15B6A329924A2C644A488CF602DAFC050FB9FE1B49169609B16AB05C0ACAA470C081908C68937A74778FAAE9D0A192B3BF50FB1FAE47159E604687071A1E823EEBD24A2FE245D4E7AF656E8EE7C7E8DDFF306A0D16FFFAA650562B6DC9A18392604AA6886B2C1CFB9F7AD4893DA817770773D929ED92C779C3D4F608D8D637CA4294A9064F206EF8E6BF7FC85BBB9104F8F57D10BC4990C5F1B7C9F68D0F02E3D0203010001"
        }; //dropbox.com and dl.dropboxusercontent.com public keys 2017-10-16

        public static bool PinPublicKey(object sender, X509Certificate certificate, X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            if (null == certificate)
                return false;

            String pk = certificate.GetPublicKeyString();
            if (AllowedPublicKeys.Any(s => s.Equals(pk, StringComparison.InvariantCultureIgnoreCase)))
                return true;

            return false;
        }

虽然这对我来说在欧洲非常适合，但印度的客户表示无法建立HTTPS连接。

我在想，也许Dropbox正在为全世界的CDN使用不同的公钥。

我该怎么办？有没有办法在不知道的情况下固定所有公钥？

Dropbox HTTPS公钥

0 个答案: