1

使用以下代码,我可以建立 SSL 连接:

   $cert = dir cert:\CurrentUser\My | where {$_.Subject -like "*Alice*"}

   $computerName = "google.com"
   $port = "443"

   $socket = New-Object Net.Sockets.TcpClient($computerName, $port)
   $stream = $socket.GetStream()

   $sslStream = New-Object System.Net.Security.SslStream $stream,$false
   $sslStream.AuthenticateAsClient($computerName)


    $sslStream

这工作正常。但现在我不想为身份验证添加客户端证书。认为我只需要替换

$sslStream.AuthenticateAsClient($computerName)


$sslStream.BeginAuthenticateAsClient($computerName,$cert,"SslProtocols",$false,"Foo" ,"Bar")

但我并不幸运地得到了正确的论点。Sombody 可以解决 Assync 调用吗 ;-) 也许我需要一些 C# 代码?!?

论据是:

System.IAsyncResult BeginAuthenticateAsClient(

string targetHost, 
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, 
System.Security.Authentication.SslProtocols enabledSslProtocols,
bool checkCertificateRevocation, 
System.AsyncCallback asyncCallback, 
System.Object asyncState)

我最终想要实现的是列出并稍后指定客户端连接到的 CipherSuites。(我可以使用我知道的 Wireshark ;-))

4

2 回答 2

4

终于让它工作了,不是参数 4,而是 $Cert 不是集合。

   $cert = dir cert:\CurrentUser\My | where {$_.Subject -like "*alice*"}

   $computerName = "google.com"
   $port = "443"

    [System.Security.Authentication.SslProtocols]$protocol = "ssl3"

   $certcol = New-object System.Security.Cryptography.X509Certificates.X509CertificateCollection
   $certcol.Add($cert)




   $socket = New-Object Net.Sockets.TcpClient($computerName, $port)
   $stream = $socket.GetStream()

   $sslStream = New-Object System.Net.Security.SslStream $stream,$false
   #$sslStream.AuthenticateAsClient($computerName)
   $sslStream.AuthenticateAsClient($computerName,$certcol,$protocol,$false) 


    $sslStream
于 2012-01-26T14:30:15.980 回答
0

根据文档, 和 之间的区别在于AuthenticateAsClient后者BeginAuthenticateAsClient用于异步使用。

您应该尝试AuthenticateAsClient(String, X509CertificateCollection, SslProtocols, Boolean),其中第二个参数是可以使用的客户端证书的集合(最好是X509Certificate2,因为您需要与证书关联的私钥才能用于身份验证)。

于 2012-01-26T13:04:04.180 回答