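Accepting a self-signed SSL certificate in VB .NET

Time: 2011-05-13 21:32:29

Tags: .net vb.net ssl ssl-certificate

I am looking for a way to validate (or bypass validation of) self-signed SSL certificates using VB .NET. I found code that does this in C# and tried to convert it to VB code, but I have had no luck.

Here is the C# code.

Here is my attempt: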

Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates

Public Class clsSSL
    Public Function AcceptAllCertifications(ByVal sender As Object, ByVal certification As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
        Return True
    End Function
End Class

Then, before the WebRequest, I have this line of code, which gives me an error.

ServicePointManager.ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications)

The error message is:

Delegate 'System.Net.Security.RemoteCertificateValidationCallback' requires an 'AddressOf' expression or lambda expression as the only argument to its constructor.

5 answers:

Answer 0 (score: 28)

In VB.Net, you need to write

ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications

Answer 1 (score: 2)

One-liner:

System.Net.ServicePointManager.ServerCertificateValidationCallback = _
  Function(se As Object, _
  cert As System.Security.Cryptography.X509Certificates.X509Certificate, _
  chain As System.Security.Cryptography.X509Certificates.X509Chain, _
  sslerror As System.Net.Security.SslPolicyErrors) True

Credit to Robby Tendean

Answer 2 (score: 1)

I am not sure, but this should work:

ServicePointManager.ServerCertificateValidationCallback = _
      New RemoteCertificateValidationCallback(AddressOf AcceptAllCertifications)

http://msdn.microsoft.com/de-de/library/system.net.security.remotecertificatevalidationcallback%28VS.90%29.aspx

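Answer 3 (score: 1)

All of the answers here blindly accept any certificate. That is a security flaw.

When implementing the ServicePointManager.ServerCertificateValidationCallback callback, you should validate the certificate, e.g. by checking the certificate's hash against a known value: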

Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
ServicePointManager.ServerCertificateValidationCallback =
    Function(sender As Object, certificate As X509Certificate, chain As X509Chain,
             errors As SslPolicyErrors)
        Return _
            (errors = SslPolicyErrors.None) Or
            certificate.GetCertHashString(HashAlgorithmName.SHA256).Equals(
                "EB8E0B28AE064ED58CBED9DAEB46CFEB3BD7ECA67737179E3C85BC3CD09D4EEC")
    End Function

For the X509Certificate.GetCertHashString overload that takes HashAlgorithmName.SHA256, you need .NET 4.8. On older versions, use the parameter-less overload, which returns a SHA-1 hash.

Based on Is it safe to test the X509Certificate.Thumbprint property when you know an invalid certificate is safe?

For the C# version of the code, see FtpWebRequest "The remote certificate is invalid according to the validation procedure"

Answer 4 (score: 0)

In VB.Net,

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls

solves the less secure apps problem.