.NET的SqlConnection,服务器身份验证,证书钢钉 [英] .Net SqlConnection, Server Authentication, and Certificate Pinning
问题描述
如何使用S当一个引脚证书的SqlConnection
?从 SqlConnection的连接字符串参数关键词&放大器;值,我知道我可以设置加密
到真正
给力(鼓励?)使用SSL / TLS。
不过,引脚证书,我相信我们需要使用 ServerCertificateValidationCallback
从 ServicePointManager
(下面的代码示例被提供由ArneVajhøj对HTTP / HTTPS)。我不清楚如何在 PinCertificate
线(从 ServicePointManager
)以的SqlConnection 。code>
更新:与阿恩Vajhøj上microsoft.public.dotnet.languages.csharp说话,看来它不可能有比所需的控制连接。 Vajhøj提供了一个链接,加密连接到SQL Server 。
公共静态无效的主要(字串[] args)
{
ServicePointManager.ServerCertificateValidationCallback = PinCertificate;
的WebRequest WR = WebRequest.Create(https://www.google.com/);
wr.GetResponse();
}
公共静态布尔PinCertificate(对象发件人,X509证书证书,X509Chain链,SslPolicyErrors sslPolicyErrors)
{
字节[] = chash certificate.GetCertHash();
StringBuilder的SB =新的StringBuilder(chash.Length * 2);
的foreach(在chash字节B)
sb.AppendFormat({0:X2},B);
//验证与证书
字符串哈希= sb.ToString已知SHA1拇指印();
如果(哈希=C1956DC8A7DFB2A5A56934DA09778E3A11023358!)
返回false;
返回真;
}
怎么是这样的:
System.Net.ServicePointManager.ServerCertificateValidationCallback =新RemoteCertificateValidationCallback(AddressOf ValidateCertificate)
专用功能ValidateCertificate(BYVAL发件人为对象,BYVAL证书X509证书,BYVAL链X509Chain,BYVAL sslPolicyErrors作为SslPolicyErrors)为布尔
'返回true以强制证书被接受。
返回真
端功能
How does one pin a certificate when using s SqlConnection
? From SqlConnection Connection String Parameter Keywords & Values, I know I can set Encrypted
to true
to force (encourage?) use of SSL/TLS.
However, to pin a certificate, I believe we need to use ServerCertificateValidationCallback
from ServicePointManager
(sample code below was offered by Arne Vajhøj for HTTP/HTTPS). I'm not clear how to wire in PinCertificate
(from ServicePointManager
) to SqlConnection
.
UPDATE: Talking with Arne Vajhøj on microsoft.public.dotnet.languages.csharp, it appears its not possible to have the desired control over the connection. Vajhøj offered a link to Encrypting Connections to SQL Server.
public static void Main(string[] args)
{
ServicePointManager.ServerCertificateValidationCallback = PinCertificate;
WebRequest wr = WebRequest.Create("https://www.google.com/");
wr.GetResponse();
}
public static bool PinCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
byte[] chash = certificate.GetCertHash();
StringBuilder sb = new StringBuilder(chash.Length * 2);
foreach (byte b in chash)
sb.AppendFormat("{0:X2}", b);
// Verify against known SHA1 thumb print of the certificate
String hash = sb.ToString();
if (hash != "C1956DC8A7DFB2A5A56934DA09778E3A11023358")
return false;
return true;
}
how about something like:
System.Net.ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf ValidateCertificate)
Private Function ValidateCertificate(ByVal sender As Object, ByVal certificate As X509Certificate, ByVal chain As X509Chain, ByVal sslPolicyErrors As SslPolicyErrors) As Boolean
'Return True to force the certificate to be accepted.
Return True
End Function
这篇关于.NET的SqlConnection,服务器身份验证,证书钢钉的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!