C#中SslStream测试ssl协议握手
我想知道对于服务器端的证书(只验证服务器身份),该如何操作才可以使用呢,我用了makecert自己创建了,可是后续的步骤不知道该怎么做,证书要注册到机器上?还是该怎么做呢? --------------------编程问答-------------------- 你说具体点??????帮你顶顶帖子,学习一下
--------------------编程问答-------------------- 下面是客户端进程代码,ssl协议的握手过程全靠这个sslStream.AuthenticateAsClient(serverName)函数的调用实现吗?大侠帮我解答下~
using System;
using System.Collections;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Windows.Forms;
namespace Examples.System.Net
{
public class SslTcpClient
{
// The following method is invoked by the RemoteCertificateValidationDelegate.
public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None || sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
public static void RunClient(string machineName, string serverName)
{
// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName, 8080);
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback(ValidateServerCertificate),
null
);
sslStream.AuthenticateAsClient(serverName);
// Encode a test message into a byte array.
// Signal the end of the message using the "<EOF>".
byte[] messsage = Encoding.UTF8.GetBytes("Hello from the client.<EOF>");
// Send hello message to the server.
sslStream.Write(messsage);
sslStream.Flush();
// Read message from the server.
string serverMessage = ReadMessage(sslStream);
Console.WriteLine("Server says: {0}", serverMessage);
// Close the client connection.
client.Close();
Console.WriteLine("Client closed.");
}
static string ReadMessage(SslStream sslStream)
{
// Read the message sent by the server.
// The end of the message is signaled using the
// "<EOF>" marker.
byte[] buffer = new byte[2048];
StringBuilder messageData = new StringBuilder();
int bytes = -1;
do
{
// Read the client's message.
bytes = sslStream.Read(buffer, 0, buffer.Length);
messageData.Append(Encoding.UTF8.GetString(buffer, 0, bytes));
// Check for EOF.
if (messageData.ToString().IndexOf("<EOF>") != -1)
{
break;
}
} while (bytes != 0);
return messageData.ToString();
}
private static void DisplayUsage()
{
Console.WriteLine("To start the client specify:");
Console.WriteLine("clientSync machineName [serverName]");
Environment.Exit(1);
}
// [STAThread]
public static int Main(string[] args)
{
SslTcpClient.RunClient("172.29.137.37", "sa37");
return 0;
}
}
} --------------------编程问答-------------------- 最近正在调试这个
问题可能是两个
一. sslStream.AuthenticateAsClient(serverName);
SslStream.AuthenticateAsClientd的targetHost参数为客户端验证的服务端证书名称,就是服务器认证证书的“颁发给“字段。这里一定要写对,既不是CA的服务器地址,也不是类似http://ms-onlytiancai/certsrv/的字符串,也不是TcpServer的地址(实际上是TcpServer的netbios名称或dns名称,和申请服务器证书时的姓名字段是一个,必须相同)。如果填写其它字符串,在客户端验证的时候会出RemoteCertificateNameMismatch错误
二. 就是ssl服务器模式必须使用关联的私钥密码的证书 证书的格式应该为pfx格式 你可以用crt文件在控制台里面将其导成pfx格式
不知道你的证书是怎么导进去的 所以具体还要看看问题是出在哪个地方
补充:.NET技术 , C#
