Validating SSL\TLS certificate in Unity
Question
I have a problem with certificate validation in Unity. I'm using the .Net class HttpWebResponse to make requests and provided a callback function to ServicePointManager.ServerCertificateValidationCallback.
The certificate is signed by authority and works fine in web browser.
The validation fails with statuses: X509ChainStatusFlags.PartialChain X509ChainStatusFlags.RevocationStatusUnknown X509ChainStatusFlags.OfflineRevocation
The problem, as I see it, is an empty root certificate store and an empty CRL list. I opened the Mono source code and found that this data is supposed to be obtained from X509Store, but somehow it does not contain any Root certificates or CRLs.
I need to implement correct validation of the certificate, not just skip it by returning true in ServerCertificateValidationCallback or hardcoding the certificate's thumbprint, and for doing that I need to provide all the required data.
Supposing that I know the Root authority, I can add it to storage on application start. But it does not work with CRLs. The platform is Android\IOS.
The question is: how can I force Unity to install Roots and CRLs?
Recommended answer
You can install the certificate via X509Store. The installation is persistent, so it only needs to be called once. According to the X509Certificate2 documentation, a cert is created from Base64 or DER bytes. It can be exported by openssl: openssl x509 -inform DER -in YOUR_ROOT_CER.cer -out YOUR_BASE64_PEM.pem
using System.Security.Cryptography.X509Certificates;

// Installs a root CA (DER or Base64-encoded bytes) into the current user's Root store.
// The store is persistent, so this only needs to run once per device.
private static void InstallCertificate(byte[] cert)
{
    X509Certificate2 certificate = new X509Certificate2(cert);
    X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadWrite);
    store.Add(certificate);
    store.Close();
}
Pay attention that StoreLocation.CurrentUser points to /data/data/<your.package.name>/.mono/ while StoreLocation.LocalMachine is /usr/xxx/.mono on Android.
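As an added example (not code from the original question or answer), here is a validation callback that performs full chain validation against a root CA shipped with the app, so the chain can be built even when the platform Root store is empty and without returning true or hard-coding the server certificate's thumbprint. The class name and the byte array passed to Register are assumptions; the caller is expected to load the root's DER bytes itself.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PinnedRootValidator
{
    private static X509Certificate2 trustedRoot;

    // trustedRootDer: DER bytes of the root CA shipped with the app (assumption: caller loads them).
    public static void Register(byte[] trustedRootDer)
    {
        trustedRoot = new X509Certificate2(trustedRootDer);
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    private static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (cert == null) return false;
        // Hostname mismatch is decided by the TLS layer and is always fatal.
        if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) return false;

        var custom = new X509Chain();
        // Make the shipped root visible to the chain engine even when the platform store
        // is empty (the PartialChain case from the question).
        custom.ChainPolicy.ExtraStore.Add(trustedRoot);
        // The root is not in the system store, so UntrustedRoot will be reported; it is pinned below.
        custom.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        // Attempt revocation; with no reachable CRL the engine reports
        // RevocationStatusUnknown / OfflineRevocation, which are tolerated below.
        custom.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        custom.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

        custom.Build(new X509Certificate2(cert));
        const X509ChainStatusFlags tolerated = X509ChainStatusFlags.UntrustedRoot
            | X509ChainStatusFlags.RevocationStatusUnknown
            | X509ChainStatusFlags.OfflineRevocation;
        foreach (X509ChainStatus s in custom.ChainStatus)
        {
            // Anything else (Revoked, NotTimeValid, NotSignatureValid, PartialChain, ...) is fatal.
            if ((s.Status & ~tolerated) != 0) return false;
        }

        // The built chain must actually terminate in the shipped root, not in some other CA.
        if (custom.ChainElements.Count == 0) return false;
        X509Certificate2 root = custom.ChainElements[custom.ChainElements.Count - 1].Certificate;
        return root.Thumbprint != null
            && root.Thumbprint.Equals(trustedRoot.Thumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

Tolerating RevocationStatusUnknown and OfflineRevocation is fail-open on revocation only; if the app can ship or fetch CRLs, remove those two flags from the tolerated set so a failed lookup rejects the connection.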