根据验证过程,远程证书无效
本文关键字:证书 无效 程证书 验证 过程 | 更新日期: 2023-09-27 18:29:43
运行以下代码,我得到一个异常:
using (var client = new Pop3Client())
{
client.Connect(provider.ServerWithoutPort, provider.Port, true);
}
我得到的例外:
The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl, Int32 receiveTimeout, Int32 sendTimeout, RemoteCertificateValidationCallback certificateValidator)
at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl)
at Ugi.Server.Sources.Logic.SourcesService.IsValidPop3Connection(String email, String emailPassword) in C:'Users'elad'Documents'Visual Studio 2010'Projects'SVN'UGI'Ugi'Server'Sources'Logic'SourcesService.cs:line 246
这通常是因为以下情况之一为真:
- 该证书是自签名的,不会添加为受信任的证书
- 证书已过期
- 证书由计算机上未安装的根证书签名
- 证书是使用服务器的完全限定域地址进行签名的。含义:不能使用"xyzServerName",但必须使用"xyz ServerName.ad.state.fl.us",因为就SSL证书而言,这基本上是服务器名称
- 已探测吊销列表,但无法找到/使用
- 证书是通过中间CA证书签名的,服务器不提供该中间证书和主机证书
尝试获取有关服务器证书的一些信息,看看是否需要在客户端上安装任何特定的证书才能使其工作。
Dominic Zukiewicz的解决方案的更短版本:
ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;
但这意味着您将信任所有证书。对于一个不仅仅在本地运行的服务,需要一些更智能的东西。在第一个实例中,您可以使用此代码来测试它是否解决了您的问题。
.NET在连接的另一端看到一个无效的SSL证书。有一个变通方法,但显然不建议用于生产代码:
// Put this somewhere that is only once - like an initialization method
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);
...
static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
return true;
}
我在测试一个项目时遇到了同样的问题,结果发现运行Fiddler是导致这个错误的原因。。!!
如果您正在使用Fiddler拦截http请求,请将其关闭。。。
这是造成这种错误的众多原因之一。
要修复Fiddler,您可能需要重置Fiddler Https证书。
您必须检查证书哈希代码。
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain,
errors) =>
{
var hashString = certificate.GetCertHashString();
if (hashString != null)
{
var certHashString = hashString.ToLower();
return certHashString == "dec2b525ddeemma8ccfaa8df174455d6e38248c5";
}
return false;
};
尝试将其放在发送电子邮件之前
ServicePointManager.ServerCertificateValidationCallback =
delegate(object s, X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors) { return true; };
记住添加正在使用的库!