调试失败HTTPS的WebRequest [英] Debugging failing HTTPS WebRequest
问题描述
我正在写一个小程序,将使用HTTPS和HttpWebRequest类做一个GET请求到服务器。服务器(显然)有一个服务器证书。该公司还预计客户端提供的证书。
提出请求然而,当我得到一个System.Net.WebException指出,这是不可能建立一个安全的TLS / SSL连接。我很快发现,服务器的证书无效。假设这是什么导致的异常,我试着接受无效证书(更新证书,不幸的是,不是一种选择),使用下面的code:
ServicePointManager.ServerCertificateValidationCallback + =委托{
返回true;
};
这并没有解决这个问题,但是。
由于异常并没有给出任何细节,很难真正确定是什么原因造成的。我试图覆盖服务器证书无效而无法正常工作?在客户端证书,我提供了不被信任的服务器?我不能加载以适当方式将客户端证书?
我倒是对如何调试这类问题的爱的技巧。我没有访问服务器或它的日志,不幸
下面的code中的重要组成部分:
ServicePointManager.ServerCertificateValidationCallback + =委托{
返回true;
};
HttpWebRequest的REQ =(HttpWebRequest的)WebRequest.Create(URL); // URL是HTTPS URL。
x509证书clientCert =新的X509证书(certificate.crt,密码);
req.ClientCertificates.Add(clientCert);
WebResponse类RESP = req.GetResponse(); //这个失败!
巴掌一些跟踪就可以了!痕迹是你最好的朋友调试theese东西的时候。我曾经有一个客户端,无法连接到我们的启用SSL的服务。使用跟踪我发现有人移动系统时钟过去我们的证书到期日期。但是,我离题了。
启用所有适用的跟踪源,看一些有趣的东西展现出来在日志中。
有一个老(2005年),但出色的后通过Durgaprasad Gorti,你应该看看。它会告诉你到底是什么来源补充,并在其中他也显示了一些痕迹SSL使用自定义的验证回调。
这是非常相同的博客文章示例的app.config:
< XML版本=1.0编码=UTF-8&GT?;
<结构>
< System.Diagnostics程序>
<跟踪自动冲洗=真/>
<源>
<信源名=System.Net>
<听众>
<添加名称=MyTraceFile/>
< /听众>
< /源>
< /来源>
< sharedListeners>
<添加
NAME =MyTraceFile
TYPE =System.Diagnostics.TextWriterTraceListener
initializeData =System.Net.trace.log
/>
< / sharedListeners>
<开关>
<添加名称=System.Net值=松散/>
< /开关>
< /system.diagnostics>
< /结构>
希望这会为你提供一些更多的数据。
I'm writing a small program which will make a GET request to a server using HTTPS and the HttpWebRequest class. The server (obviously) has a server certificate. It also expects the client to provide a certificate.
When making the request, however, I get a System.Net.WebException stating that it wasn't possible to establish a secure TLS/SSL connection. I quickly discovered that the server's certificate wasn't valid. Assuming this was what was causing the exception, I tried to accept the invalid certificate (updating the certificate is, unfortunately, not an option) using the code below:
ServicePointManager.ServerCertificateValidationCallback += delegate {
return true;
};
That didn't solve the problem, however.
Since the exception doesn't give any detail, it's hard to actually determine what is causing it. Is my attempt to override the invalid server certificate not working? Is the client certificate I'm providing not trusted by the server? Am I not loading the client certificate in the proper manner?
I'd love tips on how to debug this sort of problem. I do not have access to the server or its logs, unfortunately.
Below is the important parts of the code:
ServicePointManager.ServerCertificateValidationCallback += delegate {
return true;
};
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url); // url is an HTTPS URL.
X509Certificate clientCert = new X509Certificate("certificate.crt", "password");
req.ClientCertificates.Add(clientCert);
WebResponse resp = req.GetResponse(); // This fails!
Slap some tracing on it! Traces are your best friend when debugging theese things. I once had one client which couldn't connect to our SSL-enabled service. Using tracing I found that someone had moved the system clock past our certificate expiry date. But I digress.
Enable all applicable trace sources and see if something interesting show up in the logs.
There's an old (2005) but excellent post by Durgaprasad Gorti that you should check out. It'll show you exactly what sources to add and in it he also shows some SSL traces using a custom validation callback.
Example app.config from the very same blog post:
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.diagnostics>
<trace autoflush="true" />
<sources>
<source name="System.Net">
<listeners>
<add name="MyTraceFile"/>
</listeners>
</source>
</sources>
<sharedListeners>
<add
name="MyTraceFile"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="System.Net.trace.log"
/>
</sharedListeners>
<switches>
<add name="System.Net" value="Verbose" />
</switches>
</system.diagnostics>
</configuration>
Hopefully that'll provide you with some more data.
这篇关于调试失败HTTPS的WebRequest的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
