我可以使用 openssl 成功连接到公司服务器:
openssl s_client -connect {ip_address}:{tcp_port} -cert client.pem -key client.key -CAfile ca.cer
输出显示协商的协议是TLS 1.2。
我想用C#实现这个连接。这是我目前的尝试。请注意,我提供了客户端的证书和私钥,但我没有检查服务器证书:
var clientPrivateKey = RSA.Create();
clientPrivateKey.ImportFromPem(File.ReadAllText("client.key"));
var clientCertificate = new X509Certificate2("client.pem").CopyWithPrivateKey(clientPrivateKey);
var clientCertificates = new X509Certificate2Collection(clientCertificate);
using (var tcpClient = new TcpClient(ipAddress, tcpPort))
using (var sslStream = new SslStream(tcpClient.GetStream()))
{
sslStream.AuthenticateAsClient(new SslClientAuthenticationOptions
{
AllowRenegotiation = true,
EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
CertificateRevocationCheckMode = X509RevocationMode.NoCheck,
ClientCertificates = clientCertificates,
TargetHost = ipAddress, // ???
RemoteCertificateValidationCallback = (_, _, _, _) => true
});
}
不幸的是
sslStream.AuthenticateAsClientReceived an unexpected EOF or 0 bytes from the transport stream. (System.IO.IOException)
我已经在 MSDN、StackOverflow 等上阅读了有关此问题的所有内容。一些观察:
虽然 openssl 命令行说协议是 TLS 1.2,但我尝试了其他值,也尝试不设置
EnabledSslProtocolsAllowRenegotiationCertificateRevocationCheckModeTargetHostCan't use SSL_get_servername-- 提前感谢您的帮助!