HttpListener仅对本地主机支持SSL吗? [英] HttpListener supports SSL only for localhost?
问题描述
你好,
我认为许多人都知道并使用 HttpListener [如果使用https创建HttpListener,则必须为该监听器选择服务器证书.否则,此HttpListener的HttpWebRequest查询将因连接意外关闭而失败.
我将根证书添加到本地存储中受信任的证书,并将个人证书又添加到由根证书签名的本地存储中的个人证书:
ROOT
makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=Root,O=DO_NOT_TRUST,OU=test purposes" -sky signature -pe -r "Root.cer" -sv "RootKey.pvk"
Personal
makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=*.codeproject.com,O=DO_NOT_TRUST,OU=test purposes" -sky exchange -pe -ir localmachine -iv "RootKey.pvk" -ic "Root.cer"
我将证书绑定到端口,如下所示:
netsh http add sslcert ipport=0.0.0.0:8081 certhash="{hash}" appid={guid}
一切正常,但仅适用于localhost上的站点.例如,当我尝试打开https://codeproject.com时. HttpListener不听"请求.浏览器尝试打开网页,并因超时而失败.
顺便说一句,我知道这就像中间人攻击,但这只是出于测试目的,不幸的是,我不能使用也使用这种技术的Fiddler.
按照传统,我的问题并不简单,我相信这里没有免费评级"的人,对不起:)但是,如果您能帮助我,那将很棒.
另一个注意事项-我几乎阅读了有关此内容的所有文章以及那里的localhost的所有示例.因此,如果您要向我提供文章的链接,请检查它是否也是本地主机的示例;)
还有一个-可能是您的建议是使用TcpListner或类似的东西.现在,我不想更改逻辑,如果只有解决方案,我将更改逻辑.
非常感谢. Timur.很棒!超过50个视图,并且像往常一样没有答案:)像往常一样由我自己回答.
HttpListener比TCPListener更高级.当然,这意味着使用HttpListener更容易,但是!这也意味着缺少功能.我的意思是您无法使用HTTPListener构建严肃的代理.
我们知道要使用安全套接字(SSL),我们需要进行SSL握手(CONNECT方法等).但是对于HttpListener来说,应该通过证书绑定来完成(netsh http add sslcert).我能说的是,我尝试了所有操作,但无法为远程主机(仅适用于本地主机)工作.我不知道原因,对不起.
其次,就代理而言,此证书出价不适合使用.如果我想使用正确的CN主题即时创建证书怎么办?
所有这些使我重写了应用程序以使用TCPListener并处理CONNECT方法.
以下文章可帮助我了解基础知识:
在C#中实现多线程HTTP/HTTPS调试代理服务器 [ ^ ]
Hello,
I think many people know and use HttpListener[^] class.
As far as I can see from the note on MSDN it supports https traffic:
If you create an HttpListener using https, you must select a Server Certificate for that listener. Otherwise, an HttpWebRequest query of this HttpListener will fail with an unexpected close of the connection.
I added root certificate to the trusted in localstorage and one more certificate to personal also in localstorage which signed by root certificate:
ROOT makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=Root,O=DO_NOT_TRUST,OU=test purposes" -sky signature -pe -r "Root.cer" -sv "RootKey.pvk" Personal makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=*.codeproject.com,O=DO_NOT_TRUST,OU=test purposes" -sky exchange -pe -ir localmachine -iv "RootKey.pvk" -ic "Root.cer"
I binded certificate to port like this:
netsh http add sslcert ipport=0.0.0.0:8081 certhash="{hash}" appid={guid}
And everything works but only for sites on localhost. When I try to open for example https://codeproject.com. HttpListener "doesn''t hear" request. Browser tries to open web page and failed with timeout.
BTW, I know it''s called like man-in-the-middle attack but it''s only for test purposes and unfortunately I can''t use Fiddler which also use this technique.
By tradition my question is not simple, I believe here is no "free rating" guys, sorry :) but if you are able to help me it would be great.
One more note - I''ve read almost all articles about this and all examples for localhost there. So if you''re going to provide me with the link to an article please check it may be this example also for localhost ;)
And one more - May be your suggestion will be using of TcpListner or something like this. For now I don''t want to change logic, I will change logic if it only solution.
Thanks a lot. Timur.
Amazing! more than 50 views and no answers, as usual :) Answering by myself, as usual.
HttpListener is more high-level class than TCPListener. Of course this mean that it easier to work with HttpListener but! this also means that there lack of functionality. I mean you can''t build serious proxy with HTTPListener.
As we know to work with secured socket (SSL) we need to make SSL handshake (CONNECT method and so on). But for HttpListener it should be done via certificate binding (netsh http add sslcert). All I can say is that I tried everything and couldn''t have worked this for remote host, only for localhost. I don''t know reason, sorry.
Next, this certificate biding is not comfortable to use in terms of proxy. What if I want to create certificates on the fly with correct CN subject?
All this made me to rewrite my application to use TCPListener and handle CONNECT methods.
The following article help me to understand the basics:
Implementing a Multithreaded HTTP/HTTPS Debugging Proxy Server in C#[^]
这篇关于HttpListener仅对本地主机支持SSL吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
