SSL证书名称不匹配

时间:2011-02-15 17:32:32

标签: .net client-server ssl-certificate

我正在使用.NET技术制作TCP SSL服务器。

首先,使用here上的SSL Stream示例,创建客户端/服务器代码,然后创建我使用的证书this(注册网络服务的部分除外.. 。没有用)

启动与SSL服务器的通信正在运行,但由于我需要验证客户端/服务器证书文件,我添加了这个:

public static bool ValidateServerCertificate(
          object sender,
          X509Certificate certificate,
          X509Chain chain,
          SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        // Do not allow this client to communicate with unauthenticated servers.
        Console.WriteLine(" > Remote Certificate Error : {0}", sslPolicyErrors);
        return false;
    }

和此:

public static X509Certificate ValidateClientCertificate(
        object sender,
        string targetHost,
        X509CertificateCollection localCertificates,
        X509Certificate remoteCertificate,
        string[] acceptableIssuers)
    {
        Console.WriteLine(" > Client is selecting a local certificate.");
        if (acceptableIssuers != null &&
            acceptableIssuers.Length > 0 &&
            localCertificates != null &&
            localCertificates.Count > 0)
        {
            // Use the first certificate that is from an acceptable issuer.
            foreach (X509Certificate certificate in localCertificates)
            {
                string issuer = certificate.Issuer;
                if (Array.IndexOf(acceptableIssuers, issuer) != -1)
                    return certificate;
            }
        }
        if (localCertificates != null &&
            localCertificates.Count > 0)
            return localCertificates[0];

        return null;
    }

同时服务器和客户端。

以这种方式创建连接:

SslStream sslStream = new SslStream(
            client.GetStream(),
            true,
            new RemoteCertificateValidationCallback(ValidateServerCertificate),
            new LocalCertificateSelectionCallback(ValidateClientCertificate)
            );
        // The server name must match the name on the server certificate.
        try
        {
            sslStream.AuthenticateAsClient(serverName, CertColection, SslProtocols.Tls, false);
        }...(etc)...


SslStream flujo = new SslStream(tcpClient.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(ValidateClientCertificate));
        //Código anterior: NetworkStream flujo = tcpClient.GetStream();
        //Continúa, intentar autentificar la conexión.

        Console.WriteLine(" > Autentificando");
        try
        {
           flujo.AuthenticateAsServer(certificadoServidor, false, SslProtocols.Tls, true);
        }...(etc)...

客户说:“RemoteCertificateNameMismatch” 服务器说:“RemoteCertificateNotAvailable”

关于他们各自的sslPolicyErrors信息。

我做错了什么? 我错过了哪一步?

0 个答案:

没有答案
相关问题
最新问题