How to use SSL with HttpListener with an mkbundle'd Mono app


Problem description

I have a .NET application built with Mono, that I've bundled into a native (Linux) executable using mkbundle. This is so that end users don't need to mess around and install Mono themselves.

The application uses ServiceStack, which under the hood uses HttpListener. I need the web services to be exposed over an SSL-enabled HTTP endpoint.

Normally, you would run something like httpcfg -add -port 1234 -p12 MyCert.pfx -pwd "MyPass" during configuration (all this really does is copy the certificate to a specific path), and HttpListener would automatically bind the certificate to the port.

So HttpListener loads certificates from a particular path at runtime.

Is that path hard-coded? Or is there some way I can tell it to use a certificate from another location, since the end user will not have Mono installed?

Recommended answer

Yes, the path that HttpListener expects to find certificates at is predefined, and cannot be specified by the user, programmatically or through a config file. The Mono EndPointListener class will look for the path:

~/.config/.mono/httplistener/

HttpListener code:

string dirname = Environment.GetFolderPath (Environment.SpecialFolder.ApplicationData);
string path = Path.Combine (dirname, ".mono");
path = Path.Combine (path, "httplistener");

As you have noted, this is the same path that httpcfg copies certificates to.

Even though you are using mkbundle, this is still where HttpListener will expect to read the certificate from, regardless of the fact that the Mono runtime is installed.

In your application startup, you should:

  • Check for the existence of the directories, and create as required
  • Write your certificate and key to that path from an embedded resource in your application. PouPou's answer here shows the method used by HttpCfg.exe.

Therefore eliminating the requirement to run httpcfg, you will effectively be building that functionality straight into your application.

Does Mono perform any validation of the certificates it loads from there for HttpListener? i.e., will it expect to find the issuer's certificate in the certificate store?

I don't know for sure if Mono checks for a valid corresponding issuer's certificate in the certificate store at the point of creating the listener, or upon each connection request. However, you can add a CA cert to the certificate store yourself, or import all the standard Mozroot certificates.

The full source code for Mozroots is here. This shows how to import the CA certs.

Is the path to the certificate store also hard-coded?

The certificate store should be managed through the X509StoreManager provider.
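The startup steps from the answer above, as an added example that is not part of the original answer or of Mono's own code: it creates the listener directory, restricts it to the current user, and writes the certificate and private key from embedded resources. Assumptions: the resource names are hypothetical, Mono.Posix.dll is referenced and bundled so that `Syscall.chmod` is available, and the `<port>.cer` / `<port>.pvk` file names follow the convention of Mono's EndPointListener, which this page does not show, so check them against your Mono version.

```csharp
using System;
using System.IO;
using System.Reflection;
using Mono.Unix.Native; // Mono.Posix.dll (assumed to be referenced and bundled)

static class ListenerCertInstaller
{
    // Copies one embedded resource to destPath, then limits it to the owner (0600).
    static void Extract(string resourceName, string destPath)
    {
        Assembly asm = Assembly.GetExecutingAssembly();
        using (Stream src = asm.GetManifestResourceStream(resourceName))
        {
            if (src == null)
                throw new FileNotFoundException("Embedded resource not found: " + resourceName);
            using (FileStream dst = new FileStream(destPath, FileMode.Create, FileAccess.Write))
                src.CopyTo(dst);
        }
        if (Syscall.chmod(destPath, FilePermissions.S_IRUSR | FilePermissions.S_IWUSR) != 0)
            throw new IOException("chmod failed for " + destPath);
    }

    // Call once at startup, before the listener is started on the HTTPS port,
    // e.g. ListenerCertInstaller.Install(1234);
    public static void Install(int port)
    {
        // Same directory the HttpListener code above builds:
        // ~/.config/.mono/httplistener on Linux.
        string dir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
            ".mono", "httplistener");
        Directory.CreateDirectory(dir); // creates missing parents; no-op if present

        // Lock the directory down (0700) before the private key is written into it,
        // so the key is never reachable by other local users under a default umask.
        if (Syscall.chmod(dir, FilePermissions.S_IRWXU) != 0)
            throw new IOException("chmod failed for " + dir);

        // Hypothetical resource names; file names are assumed to be <port>.cer / <port>.pvk.
        Extract("MyApp.Certs.server.cer", Path.Combine(dir, port + ".cer"));
        Extract("MyApp.Certs.server.pvk", Path.Combine(dir, port + ".pvk"));
    }
}
```

A key shipped as an embedded resource is identical in every copy of the binary and can be read by anyone who has the executable, so this suits per-deployment builds rather than a single public download.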
