我一直在尝试使用证书实现与服务器和客户端的 SSL 连接,但我一直在敲钉子并且似乎无法进行身份验证,在仔细阅读了许多帖子和线程之后,我会希望你能帮我找到问题的根源。
我总是捕获在
AuthenticateAsServer()
行抛出的异常:
System.Security.Authentication.AuthenticationException:“身份验证失败,请参阅内部异常。” Win32Exception:无法识别提供给包的凭据。
现在,我只是想通过 chrome 使用此 url 调用服务器,我确实首先尝试使用我的客户端代码,但我的
authenticateAsClient()
端不是问题的根源,因为即使使用谷歌浏览器我'我无法验证:
https://192.168.1.113:32581
使用端口
32581
进行测试,
computer.IpPort=32581
服务器ip是
192.168.1.103
,
computer.IpAddress="192.168.1.103"
这是我做的所有步骤:
使用 PowerShell New-SelfSignedCertificate 创建证书
New-SelfSignedCertificate -Subject DESKTOP-12345
这是我的服务器端代码:
getServerCert()
工作并返回正确的证书。
ValidateServerCertificate()
现在返回 true.
private readonly Computer computer;
private TcpClient TCP_Client;
private NetworkStream TCP_Stream;
private SslStream SSL_Stream;
private X509Certificate2 clientCertificate;
private ConcurrentQueue<string> TCP_pendingCommands = new ConcurrentQueue<string>();
private void TCP_Listen()
{
try
{
ServerCertificate = getServerCert();
if (ServerCertificate == null)
{
throw new Exception("Client certificate is not set.");
}
// Listen
TCP_Listener = new TcpListener(IPAddress.Any, computer.IpPort);
TCP_Listener.Start();
while (true)
{
Console.WriteLine("Waiting for a client to connect...");
Thread.Sleep(2000);
TCP_Client = TCP_Listener.AcceptTcpClient();
ProcessClient();
}
}
catch (Exception e)
{
Disconnect();
Console.WriteLine(e.Message);
Thread.Sleep(1000);
}
}
private void ProcessClient()
{
try
{
IPEndPoint remoteIpEndPoint = TCP_Client.Client.RemoteEndPoint as IPEndPoint;
computer.IpAddress = remoteIpEndPoint.Address.ToString();
TCP_Stream = TCP_Client.GetStream();
TCP_Stream.ReadTimeout = Timeout.Infinite;
SSL_Stream = new SslStream(TCP_Stream, false, ValidateServerCertificate);
SSL_Stream.AuthenticateAsServer(ServerCertificate, false, SslProtocols.Tls12, false);
if (!SSL_Stream.IsAuthenticated)
throw new Exception("Failed to connect.");
new Thread(() => TCP_Write(TCP_Client))
{
IsBackground = true,
Name = "SSL server TCP Write thread"
}.Start();
new Thread(() => TCP_Read(TCP_Client))
{
IsBackground = true,
Name = "SSL server TCP Read thread"
}.Start();
TCP_pendingCommands = new ConcurrentQueue<string>();
}
catch (Exception e)
{
Disconnect();
Console.WriteLine(e.Message);
Thread.Sleep(1000);
}
}
private bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
// lets just return true here
return true;
}
private X509Certificate getServerCert()
{
X509Store store = new X509Store(StoreName.My,
StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 foundCertificate = null;
foreach (X509Certificate2 currentCertificate
in store.Certificates)
{
if (currentCertificate.IssuerName.Name
!= null && currentCertificate.IssuerName.
Name.Equals("CN=DESKTOP-12345"))
{
foundCertificate = currentCertificate;
break;
}
}
return foundCertificate;
}
如果需要,这是我的客户端,即使我还没有成功使用它:
private void Connect()
{
try
{
TCP_Client = new TcpClient(computer.IpAddress, computer.IpPort)
{
NoDelay = true
};
TCP_Stream = TCP_Client.GetStream();
TCP_Stream.ReadTimeout = Timeout.Infinite;
SSL_Stream = new SslStream(TCP_Stream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
SSL_Stream.AuthenticateAsClient("DESKTOP-12345");
byte[] buffer = new byte[4096];
int bytesRead = SSL_Stream.Read(buffer, 0, buffer.Length);
if (!SSL_Stream.IsAuthenticated)
throw new Exception("Failed to connect.");
RaisePropertyChanged(nameof(Power));
computer.RaiseComputerPropertyChanged(nameof(Power));
computer.SetComputerConnected(true);
TCP_pendingCommands = new ConcurrentQueue<string>();
}
catch (Exception e)
{
Disconnect();
Debug.Writeline(e.Message);
Thread.Sleep(1000);
}
}
public bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
{
return true;
}
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// refuse connection
return true;
}```