C#SSL安全套接字 [英] C# SSL secure sockets
问题描述
我有一个美好的,工作沟通的应用程序,用C#编写。现在,我需要实现与服务器的安全连接。我试着改变Socket和TcpClient的物体进入SslStream,但我得到了一些错误。
首先,我用makecert生成的.cer证书。 OpenSSL的证书并没有为我工作,因为他们没有包括私钥。接下来,我创建了一个证书对象在服务器上,并将其绑定到SslStream:
X509证书serverCertificate = X509Certificate.CreateFromCertFile(CA。 CER);
TcpClient的ClientSocket的= this.tcpListener.AcceptTcpClient();
SslStream SSLS =新SslStream(clientSocket.GetStream(),FALSE);
ssls.AuthenticateAsServer(serverCertificate,假SslProtocols.Tls,真正的);
在客户端我这样做:
TcpClient的客户端=新的TcpClient(settings.IP,settings.Port);
sslStream =新SslStream(client.GetStream(),虚假,
新RemoteCertificateValidationCallback(ValidateServerCertificate),NULL);
sslStream.AuthenticateAsClient(settings.IP);
公共静态布尔ValidateServerCertificate(对象发件人,X509证书证书,X509Chain链,SslPolicyErrors sslPolicyErrors)
{
如果(sslPolicyErrors == SslPolicyErrors.None)
返回真;
Console.WriteLine(证书错误:{0},sslPolicyErrors);
返回FALSE;
}
但AuthenticateAsClient函数抛出异常。我试过几个其他方法参数,但没有这个工作对我来说。
谁能帮我,还是一步一步讲解如何改变简单的插座到安全的呢?需要明确的是,SSL不要求 - 如果进行连接固定,我可以使用更简单的方法。
编辑:异常
消息如下:
根据验证过程的远程证书无效。
什么是例外呢?
我猜你所得到的例外,因为你的客户端证书被拒绝,因为从服务器有效(除非你做了必要的事情来建立信任)。
当您使用自签名证书(由makecert创建的),你就必须创建SslStream对象时也提供一个客户端证书验证回调。使用此构造函数重载 http://msdn.microsoft.com/en-us/library /ms145056.aspx
I have a fine, working communicator application, written in C#. Now I need to implement a secure connection to the server. I've tried changing Socket and TcpClient objects into SslStream, but I got a few errors.
Firstly I generated a .cer certificate using makecert. OpenSSL certificates didn't worked for me, because they didn't include private key. Next I created a certificate object on the server and bound it to the SslStream:
X509Certificate serverCertificate = X509Certificate.CreateFromCertFile("ca.cer");
TcpClient clientSocket = this.tcpListener.AcceptTcpClient();
SslStream ssls = new SslStream(clientSocket.GetStream(), false);
ssls.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls, true);
On the client side I'm doing this:
TcpClient client = new TcpClient(settings.IP, settings.Port);
sslStream = new SslStream(client.GetStream(), false,
new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
sslStream.AuthenticateAsClient(settings.IP);
public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
return false;
}
but the AuthenticateAsClient function throws an exception. I tried several other method parameters, but none of this worked for me.
Could anyone help me, or explain step by step how to change simple sockets into secure ones? To be clear, SSL isn't the requirement - if there is simpler way to make the connection secure I can use that.
Edit: Message in exception is following:
The remote certificate is invalid according to the validation procedure.
What's the exception ?
I guess you are getting the exception because your client certificate is rejected as valid from the server (unless you did the necessary things to set up trust).
When you use self signed certificates(the ones created by makecert), you would have to also supply a Client Certificate Validation callback when creating the SslStream object. Use this constructor overload http://msdn.microsoft.com/en-us/library/ms145056.aspx
这篇关于C#SSL安全套接字的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
