0

我正在尝试建立SSL/TLS与我的个人聊天服务器的连接。我的代码片段如下

public void StartAuthentication(XMPPConnection connection) 
    {
        NetworkStream networkStream = new NetworkStream(connection._sock);
        _sslStream = new SslStream(networkStream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(ClientCertificateSelectionCallback));
        X509CertificateCollection collection = new X509CertificateCollection();
        collection.Add(new X509Certificate(@"D:\ca-certs\AddTrust_External_Root.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\America_Online_Root_Certification_Authority_1.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\AOL_Member_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Baltimore_CyberTrust_Root.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\CAcert_Class3.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\CAcert_Root.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Deutsche_Telekom_Root_CA_2.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\DigiCertHighAssuranceCA-3.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\DigiCertHighAssuranceEVRootCA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Entrust.net_2048.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Entrust.net_Secure_Server_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Equifax_Secure_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Go_Daddy_Class_2_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\GTE_CyberTrust_Global_Root.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Microsoft_Internet_Authority_2010.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Microsoft_Secure_Server_Authority_2010.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\StartCom_Certification_Authority.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Thawte_Premium_Server_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Thawte_Primary_Root_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\ValiCert_Class_2_VA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class3_Extended_Validation_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\Verisign_Class3_Primary_CA.pem"));
        collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_International_Server_Class_3_CA.pem"));
        try 
        {
            _sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);

        }
        catch (Exception ex) 
        {
            Console.WriteLine(ex.Message);
        }
    }

现在程序执行后

_sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);

主线程块。可能为此,ssl 握手没有开始。现在告诉我为什么主线程阻塞。谢谢

4

2 回答 2

1

我不太了解 C#,但是从 AuthenticateAsClient 的文档中,它期望您使用客户端证书对 SSL 服务器进行身份验证。而且这些必须有私钥,否则你不能使用它们。但是,您用作证书的是受信任的根证书,用于检查服务器的证书以及您没有私钥的地方。

也许您需要让自己更熟悉 SSL 的基础知识,例如谁使用哪些证书以及为什么使用等。

于 2014-06-12T18:20:10.443 回答
-1 
X509Certificate2Collection certificates = new X509Certificate2Collection();
certificates.Import(**uri**, **CertPass**, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

ServicePointManager.ServerCertificateValidationCallback = (a, b, c, d) => true;
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(host);
req.AllowAutoRedirect = true;
req.ClientCertificates = certificates;
req.Method = "GET";
req.ContentType = "application/x-www-form-urlencoded";
WebResponse resp = req.GetResponse();
var html = new StreamReader(resp.GetResponseStream()).ReadToEnd();
于 2017-11-09T11:27:35.750 回答