使用c#进行SSL/TLSV1连接


我正在尝试建立SSL/TLS连接到我的个人聊天服务器。我的代码片段如下

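/// <summary>
/// Wraps the connection's socket in an <see cref="SslStream"/>, stores it in
/// <c>_sslStream</c> and runs the client side of the TLS handshake against
/// "lap-020.alumnus.co.in".
/// </summary>
/// <remarks>
/// <c>AuthenticateAsClient</c> is synchronous: the calling thread waits until the
/// handshake completes or fails. A <see cref="NetworkStream"/> has no read timeout by
/// default, so a peer that never answers keeps the call waiting indefinitely.
/// A handshake failure is only written to the console and is not propagated, so
/// callers should check <c>_sslStream.IsAuthenticated</c> before sending data.
/// </remarks>
/// <param name="connection">Connection whose <c>_sock</c> socket carries the TLS session.</param>
public void StartAuthentication(XMPPConnection connection) 
    {
        // Location and names of the PEM files loaded below, in load order.
        const string caDirectory = @"D:\ca-certs\";
        string[] caFileNames =
        {
            "AddTrust_External_Root.pem",
            "America_Online_Root_Certification_Authority_1.pem",
            "AOL_Member_CA.pem",
            "Baltimore_CyberTrust_Root.pem",
            "CAcert_Class3.pem",
            "CAcert_Root.pem",
            "Deutsche_Telekom_Root_CA_2.pem",
            "DigiCertHighAssuranceCA-3.pem",
            "DigiCertHighAssuranceEVRootCA.pem",
            "Entrust.net_2048.pem",
            "Entrust.net_Secure_Server_CA.pem",
            "Equifax_Secure_CA.pem",
            "Equifax_Secure_Global_eBusiness_CA-1.pem",
            "Go_Daddy_Class_2_CA.pem",
            "GTE_CyberTrust_Global_Root.pem",
            "Microsoft_Internet_Authority_2010.pem",
            "Microsoft_Secure_Server_Authority_2010.pem",
            "StartCom_Certification_Authority.pem",
            "Thawte_Premium_Server_CA.pem",
            "Thawte_Primary_Root_CA.pem",
            "ValiCert_Class_2_VA.pem",
            "VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem",
            "VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem",
            "VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem",
            "VeriSign_Class3_Extended_Validation_CA.pem",
            "Verisign_Class3_Primary_CA.pem",
            "VeriSign_International_Server_Class_3_CA.pem",
        };

        // The SslStream owns the NetworkStream (leaveInnerStreamOpen is false), so
        // closing _sslStream also closes the underlying stream.
        NetworkStream networkStream = new NetworkStream(connection._sock);
        _sslStream = new SslStream(networkStream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(ClientCertificateSelectionCallback));

        // NOTE(review): these files are CA root certificates, but the collection is
        // passed below as the clientCertificates argument. That argument is the list
        // of certificates the client may present to the server and needs certificates
        // with private keys; it is not a trust store. Whether the server certificate
        // is accepted is decided by the platform chain check and by
        // ValidateServerCertificate, not by this collection.
        X509CertificateCollection collection = new X509CertificateCollection();
        foreach (string fileName in caFileNames)
        {
            collection.Add(new X509Certificate(caDirectory + fileName));
        }

        try 
        {
            // NOTE(review): SslProtocols.Tls pins TLS 1.0, which is deprecated; use
            // SslProtocols.Tls12 or newer once the server supports it.
            // The final argument enables certificate revocation checking.
            _sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);
        }
        catch (Exception ex) 
        {
            // Best-effort reporting only: the stream is left unauthenticated and the
            // caller gets no signal other than _sslStream.IsAuthenticated being false.
            Console.WriteLine(ex.Message);
        }
    }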

现在程序执行后

// Synchronous call: it returns only after the TLS handshake has completed or failed.
_sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);

主线程就阻塞了,SSL握手可能因此没有开始。请问主线程为什么会阻塞?谢谢。

使用c#进行SSL/TLSV1连接

我对c#了解不多,但从AuthenticateAsClient的文档中可以看出,传给它的证书是客户端证书,用于向SSL服务器进行身份验证。这些证书必须带有私钥,否则无法使用。但是,您使用的证书是受信任的根证书,它们的用途是校验服务器的证书,而且您并没有它们的私钥。

也许你需要让自己更熟悉SSL的基础知识,例如谁使用哪些证书,为什么等等。

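// Client certificate(s) presented to the server for mutual TLS. uri (path of the
// certificate file) and CertPass (its password) are placeholders supplied by the caller.
// NOTE(review): MachineKeySet | PersistKeySet leaves the imported private key in the
// machine key store after the process exits; drop PersistKeySet unless that
// persistence is intended.
X509Certificate2Collection certificates = new X509Certificate2Collection();
certificates.Import(uri, CertPass, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

// Server certificate validation is left at the platform default. Assigning
// ServicePointManager.ServerCertificateValidationCallback a delegate that always
// returns true would accept any certificate for every request in the process and
// remove the protection TLS gives against an intercepting peer. For a server signed
// by a private CA, add that CA to the trust store or check the chain against it in
// the callback instead of returning true unconditionally.
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(host);
req.AllowAutoRedirect = true;
req.ClientCertificates = certificates;
req.Method = "GET";
req.ContentType = "application/x-www-form-urlencoded";

// Dispose the response and reader so the underlying connection is released.
string html;
using (WebResponse resp = req.GetResponse())
using (StreamReader reader = new StreamReader(resp.GetResponseStream()))
{
    html = reader.ReadToEnd();
}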