.Net SqlConnection, Server Authentication, and Certificate P
Keywords: Certificate and Server SqlConnection Net Authentication | Updated: 2023-09-27 18:19:21
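How does one pin a certificate when using SqlConnection? From SqlConnection Connection String Parameter Keywords & Values, I know I can set Encrypted to true to force (encourage?) the use of SSL/TLS.

However, to pin the certificate, I believe we need to use the ServerCertificateValidationCallback from ServicePointManager (the sample code below was offered by Arne Vajhøj for HTTP/HTTPS). I'm not clear on how to wire PinCertificate (from ServicePointManager) into SqlConnection.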
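
UPDATE: After talking with Arne Vajhøj on microsoft.public.dotnet.languages.csharp, it appears it's not possible to have the desired control over the connection. Vajhøj offered a link to Encrypting Connections to SQL Server.
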
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    public class Program
    {
        public static void Main(string[] args)
        {
            // Route certificate validation for WebRequest through the pinning callback
            ServicePointManager.ServerCertificateValidationCallback = PinCertificate;
            WebRequest wr = WebRequest.Create("https://www.google.com/");
            wr.GetResponse();
        }

        public static bool PinCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // Hex-encode the certificate hash returned by GetCertHash()
            byte[] chash = certificate.GetCertHash();
            StringBuilder sb = new StringBuilder(chash.Length * 2);
            foreach (byte b in chash)
                sb.AppendFormat("{0:X2}", b);

            // Verify against known SHA1 thumb print of the certificate
            String hash = sb.ToString();
            if (hash != "C1956DC8A7DFB2A5A56934DA09778E3A11023358")
                return false;

            return true;
        }
    }

How about something like this:

    Imports System.Net
    Imports System.Net.Security
    Imports System.Security.Cryptography.X509Certificates

    System.Net.ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf ValidateCertificate)
    Private Function ValidateCertificate(ByVal sender As Object, ByVal certificate As X509Certificate, ByVal chain As X509Chain, ByVal sslPolicyErrors As SslPolicyErrors) As Boolean
        'Return True to force the certificate to be accepted.
        'This accepts every certificate the server presents; no pin or chain check is applied.
        Return True
    End Function
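
An added example, not code from the question or the answer: a variant of the PinCertificate callback above that compares a SHA-256 hash, keeps the platform's validation result instead of ignoring sslPolicyErrors, and accepts a backup pin. The names Pin, PinTo and SelfSigned and the host name sql.example.test are assumptions, the certificates are constructed in memory, and the delegate is the type ServicePointManager and SslStream take; per the question's update, SqlConnection does not appear to offer this hook.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinDemo
{
    // SHA-256 over the DER-encoded certificate (the question's code uses SHA-1).
    static byte[] Pin(X509Certificate cert) => cert.GetCertHash(HashAlgorithmName.SHA256);

    // Builds a callback that accepts only certificates whose hash is in the pin set.
    // Pass the current pin plus a backup so a planned rotation does not lock clients out.
    static RemoteCertificateValidationCallback PinTo(params byte[][] pins) =>
        (sender, cert, chain, errors) =>
        {
            if (cert == null) return false;
            // Keep the platform verdict (chain and host name); the pin narrows trust,
            // it does not replace validation.
            if (errors != SslPolicyErrors.None) return false;
            byte[] actual = Pin(cert);
            bool match = false;
            foreach (byte[] pin in pins)
                match |= CryptographicOperations.FixedTimeEquals(actual, pin);
            return match;
        };

    // Constructed test certificate, generated in memory; never written to disk.
    static X509Certificate2 SelfSigned(string commonName)
    {
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var request = new CertificateRequest("CN=" + commonName, key, HashAlgorithmName.SHA256);
        return request.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    static void Main()
    {
        using X509Certificate2 pinned = SelfSigned("sql.example.test");
        using X509Certificate2 other = SelfSigned("sql.example.test"); // same name, different key
        RemoteCertificateValidationCallback check = PinTo(Pin(pinned));

        // Case 1: pinned certificate, validation clean.
        Console.WriteLine(check(new object(), pinned, null, SslPolicyErrors.None));
        // Case 2: same subject name but a different certificate.
        Console.WriteLine(check(new object(), other, null, SslPolicyErrors.None));
        // Case 3: pinned certificate, but the platform reported a host name mismatch.
        Console.WriteLine(check(new object(), pinned, null, SslPolicyErrors.RemoteCertificateNameMismatch));
    }
}
```

Only the first case is accepted; the second fails the pin comparison and the third is rejected before the pin is consulted.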