cert 和 mozroots 的 Mono 问题 [英] Mono problems with cert and mozroots

问题描述

我在我的单声道虚拟机上使用这个命令

I am using this command on my mono VM

sudo mozroots --import --sync

似乎是从 获取证书这个网站.

然后我尝试连接到我的 ssl 站点，但出现证书无效的异常.我使用 Firefox，看到证书是在 2010 年发布的.我查看了那个文件，最后一次更新是 2009-05-21 12:50

I then try to connect to my ssl site and i get the exception that the cert is invalid. I use firefox and see the cert was issued in 2010. I looked at that file and see the last time its been updated was 2009-05-21 12:50

在同一台机器上使用 firefox 时，我可以导航到我尝试连接的相同 url，并且我没有遇到 ssl 问题.(没有警报也没有要求我将其添加到异常中).

When using firefox on the same machine i can navigate to the same url i am trying to connect to and i get no ssl issues. (no alert nor asking me to add it to an exception).

我在这里很困惑.如何更新 mono 以使用最新的证书?

I am confused here. How do i update mono to use the latest certs?

-edit- 我检查了谁签署了我要访问的站点的证书，他们的名字在 certdata 中.我想知道为什么 mono 说证书无效.

-edit- I checked who signed the cert of the site i want to visit and their name is in certdata. I wonder why mono says the cert is not valid.

我试着写这个，我对它要求我导入的 3 证书点击是"

I tried writing this and i hit yes to the 3 cert it asked me to import

certmgr -ssl https://www.site.com/users/login --machine

我再次运行我的应用程序并收到此错误.谷歌搜索错误代码 0xffffffff80092012 我 发现了这个.

I ran my application again and got this error. Googling the error code 0xffffffff80092012 i found this.

看起来像一个未应用于 2.6.4 的已修复错误.或者我可能做错了.我确实将 ServerCertificateValidationCallback 设置为我自己的东西，并为此应用程序返回 true 作为对单声道的修复.

Looks like a fixed bug that hasnt been applied to 2.6.4. Or i could be doing it wrong. I do set the ServerCertificateValidationCallback to my own thing and return true for this application as a fix for mono.

System.Net.WebException:获取错误响应流(写:认证或解密有失败.):发送失败--->System.IO.IOException: 的认证或解密有失败的.--->Mono.Security.Protocol.Tls.TlsException:收到的证书无效服务器.错误代码:0xffffffff80092012

System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff80092012

推荐答案

关于 bug 606002 的跟进 - 这是忽略上述错误代码的代码.在初始化时调用一次

Follow-up about bug 606002 - here is the code to ignore said error code. Call it once in your initialization

            ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
            if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors) {
                foreach (X509ChainStatus status in chain.ChainStatus) {
                    if (status.Status != X509ChainStatusFlags.RevocationStatusUnknown) {
                        return false;
                    }
                }
                return true;
            }

            return false;
        };

这篇关于cert 和 mozroots 的 Mono 问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！