.net标准2.0中的自签名证书
我的问题在.net标准2.0中具体提到,因为相同的代码似乎适用于.net框架,原因我并不完全确定。.net标准2.0中的自签名证书
问题是我想向使用自签名证书的服务器发出http请求。现在在.net框架(特别是4.6.1)中通过这种方式的方法是使用:
ServicePointManager.ServerCertificateValidationCallback = CustomValidation;
public static bool CustomValidation
(object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors policyErrors)
{
return true;
}
这就解决了这个问题。但是,在.net标准中这样做似乎是编译的,但同样的错误(WinHttpException - 发生安全错误)发生System.AggregateException HResult = 0x80131500 消息=发生了一个或多个错误。 (发送请求时发生错误。) Source = StackTrace: at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) at matrix_tester.Program.Main(String [] args)in C:\内部异常1: HttpRequestException:发送请求时发生错误。
内部异常2: WinHttpException:安全出错
我在我的智慧在这里结束。 ServicePointManager是否不能用于.net标准?
ServicePointManager应该在2.0中可用。
免责声明。我不知道你的代码为什么不起作用。当我需要自动接受证书时,我总是使用黑客技术。它工作在2.0。但请记住,该脚本接受所有自签名证书,这是违反安全性的。自行决定使用。这是一个单身人士课程。只是把它在你的程序的开头是这样的:
Certificates.Instance.GetCertificatesAutomatically();
它应该在你的程序中工作。希望它能帮助你前进。
using System;
using System.Collections.Generic;
using System.Security;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography;
using System.Net.Security;
namespace test
{
public sealed class Certificates
{
private static Certificates instance = null;
private static readonly object padlock = new object();
Certificates()
{
}
public static Certificates Instance
{
get
{
lock (padlock)
{
if (instance == null)
{
instance = new Certificates();
}
return instance;
}
}
}
public void GetCertificatesAutomatically()
{
ServicePointManager.ServerCertificateValidationCallback +=
new RemoteCertificateValidationCallback((sender, certificate, chain, policyErrors)
=> { return true; });
}
private static bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
//Return true if the server certificate is ok
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
bool acceptCertificate = true;
string msg = "The server could not be validated for the following reason(s):\r\n";
//The server did not present a certificate
if ((sslPolicyErrors &
SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable)
{
msg = msg + "\r\n -The server did not present a certificate.\r\n";
acceptCertificate = false;
}
else
{
//The certificate does not match the server name
if ((sslPolicyErrors &
SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch)
{
msg = msg + "\r\n -The certificate name does not match the authenticated name.\r\n";
acceptCertificate = false;
}
//There is some other problem with the certificate
if ((sslPolicyErrors &
SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.RemoteCertificateChainErrors)
{
foreach (X509ChainStatus item in chain.ChainStatus)
{
if (item.Status != X509ChainStatusFlags.RevocationStatusUnknown &&
item.Status != X509ChainStatusFlags.OfflineRevocation)
break;
if (item.Status != X509ChainStatusFlags.NoError)
{
msg = msg + "\r\n -" + item.StatusInformation;
acceptCertificate = false;
}
}
}
}
//If Validation failed, present message box
if (acceptCertificate == false)
{
msg = msg + "\r\nDo you wish to override the security check?";
// if (MessageBox.Show(msg, "Security Alert: Server could not be validated",
// MessageBoxButtons.YesNo, MessageBoxIcon.Exclamation, MessageBoxDefaultButton.Button1) == DialogResult.Yes)
acceptCertificate = true;
}
return acceptCertificate;
}
}
}
这似乎没有工作(虽然我看不出为什么),因为它似乎ServicePointManager.ServerCertificateValidationCallback + = 新的RemoteCertificateValidationCallback((发件人,证书,链,policyErrors) => {return true;});似乎并没有为我工作... –
我在代表中打破了一个断点,应该打到,而不是? –
您是否发现了任何使用.NET标准2.0绕过自签名证书的解决方案? –