SslStream充当服务器时是否使用LocalCertificateSelectionCallback? [英] Does SslStream use LocalCertificateSelectionCallback when acting as a server?

问题描述

如果我这样创建一个SslStream实例:

If I create a SslStream instance like this:

secureStream = new SslStream(stream, true, tlsRemoteCallback, tlsLocalCallback);

然后我使用AuthenticateAsServer或BeginAuthenticateAsServer方法之一，是否可以调用LocalCertificateSelectionCallback(tlsLocalCallback)?如果可以，怎么办?

And then I use one of the AuthenticateAsServer or BeginAuthenticateAsServer methods, is it at all possible for the LocalCertificateSelectionCallback (tlsLocalCallback) to be invoked? And if so, how?

我觉得这是不可能的，因为AuthenticateAsServer方法需要X509Certificate参数.如果传递null，则将引发异常.但是我想确定一下，因为我正试图编写一个套接字API供团队中的其他开发人员使用.

I'm under the impression this isn't possible, because the AuthenticateAsServer method requires an X509Certificate parameter. And if you pass null, then it throws an exception. But I want to be certain since I'm trying to write a socket API for other developers on my team to use.

推荐答案

您是否要让secureStream选择它用来向客户端进行身份验证的证书?

Are you trying to have secureStream pick which certificate it uses to authenticate itself with the client?

我认为这不可能.做一些反射，我看到委托最终将转到System.Net.Security.SecureChannel中的"m_CertSelectionDelegate".快速分析此变量似乎表明该变量仅用于验证服务器证书或验证客户端提供的用于相互认证自己的证书.

I don't think that is possible. Doing some Reflectoring, I see that the delegate ultimate goes to a "m_CertSelectionDelegate" in System.Net.Security.SecureChannel. A quick analysis of this variable seems to indicate that it's only using for verifying a server cert or verifying the cert the client gives to mutually authenticate itself.

这篇关于SslStream充当服务器时是否使用LocalCertificateSelectionCallback?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！