8

如何关闭 WCF 服务客户端的证书吊销?客户端代理由 wsdl.exe 生成并继承 SoapHttpClientProtocol。

4

2 回答 2

9

我想你正在寻找ServicePointManager.ServerCertificateValidationCallback

http://msdn.microsoft.com/en-gb/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

这需要一个RemoteCertificateValidationCallback代表:

http://msdn.microsoft.com/en-gb/library/system.net.security.remotecertificatevalidationcallback.aspx

我以前从未处理过被吊销的证书(我有手处理其他问题,例如过期的 SSL),但我猜你只会做类似的事情:

class Program
{
    static void Main(string[] args)
    {
        ServicePointManager.ServerCertificateValidationCallback +=
            new RemoteCertificateValidationCallback(ValidateCertificate);

        // Do WCF calls...
    }

    public static bool ValidateCertificate(object sender, X509Certificate cert, 
                              X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if(sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
        {
            foreach(X509ChainStatus chainStatus in chain.ChainStatus)
            {
                if(chainStatus.Status == X509ChainStatusFlags.Revoked)
                {
                    return true;
                }
            }
        }
        
        /* 
         WARNING!
     
         You should perform other cert validation checks here and not blindly 
         override your cert validation by returning true.

         Otherwise the secure channel between your client and service
         may not be secure.

        */

        return false;
    }
}
于 2008-10-15T09:57:59.087 回答
1

您可以在应用程序的配置文件中设置证书验证和吊销选项:

http://www.request-response.com/blog/PermaLink,guid,e9bb929b-d0b4-4626-b302-1d2715fc344a.aspx

于 2008-10-15T14:23:21.123 回答