C#忽略证书错误？

Question

C#忽略证书错误？

JL.*_*JL. 147 .net c# ssl

在对远程Web服务的Web服务请求期间,我收到以下错误:

无法为SSL/TLS安全通道建立信任关系.---> System.Security.Authentication.AuthenticationException:根据验证程序,远程证书无效.

反正有没有忽略这个错误,并继续？

似乎远程证书没有签名.

我连接的网站是www.czebox.cz- 所以随时访问该网站,并注意甚至浏览器抛出安全例外.

Answer 1

Pet*_*old 315

添加证书验证处理程序.返回true将允许忽略验证错误:

ServicePointManager
    .ServerCertificateValidationCallback += 
    (sender, cert, chain, sslPolicyErrors) => true;

Run Code Online (Sandbox Code Playgroud)

这比起初看起来更有用.我在使用Managed Exchanged Web Services(EWS)时遇到了OP的问题.我以为我无法使用这个答案,因为我无法访问该托管库所做的低级SOAP调用.但当我再看一遍时,我意识到ServicePointManager独立存在.所以,我在初始化ExchangeService之前添加了上面的回调,它就像一个魅力. (6认同)
@MiguelVeloso你可以随心所欲地进行投票,但请记住,问题和答案都没有讨论安全问题.主题明确是"如何忽略验证错误",而不是"我们为什么要这样做/不这样做",这是一个完全不同的主题.讨论为什么OP不应该这样做只会使水域变得混乱,因为评论者指出有合理的情况你实际上会这样做.所以我们坚持主题并解决问题. (4认同)
以下是如何全局应用旁路的示例.让我们所有人陷入不良行为.(有时你别无选择)http://jasig.275507.n4.nabble.com/NET-tip-for-dealing-with-bad-SSL-Certs-td2268566.html (2认同)
@MarkMeuer几乎要放弃我的EWS API问题的解决方案,但后来我看到了你的评论. (2认同)

Answer 2

Ogg*_*las 32

允许所有证书非常强大,但也可能是危险的.如果您只想允许有效证书加上某些证书,可以这样做.

System.Net.ServicePointManager.ServerCertificateValidationCallback += delegate (
    object sender,
    X509Certificate cert,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    if (sslPolicyErrors == SslPolicyErrors.None)
    {
        return true;   //Is valid
    }

    if (cert.GetCertHashString() == "99E92D8447AEF30483B1D7527812C9B7B3A915A7")
    {
        return true;
    }

    return false;
};

Run Code Online (Sandbox Code Playgroud)

更新:

如何cert.GetCertHashString()在Chrome中获得价值:

单击地址栏中的Secure或Not Secure.

然后单击Certificate - > Details - > Thumbprint并复制该值.记得要做cert.GetCertHashString().ToLower().

这应该是公认的答案,只需要多一点工作,但危险性要小得多.谢谢! (3认同)
@MiguelVeloso完全同意.这允许跳过检查(希望)一个或两个证书而不会完全损害安全性. (3认同)

Answer 3

小智 29

IgnoreBadCertificates方法:

//I use a method to ignore bad certs caused by misc errors
IgnoreBadCertificates();

// after the Ignore call i can do what ever i want...
HttpWebRequest request_data = System.Net.WebRequest.Create(urlquerystring) as HttpWebRequest;

/*
and below the Methods we are using...
*/

/// <summary>
/// Together with the AcceptAllCertifications method right
/// below this causes to bypass errors caused by SLL-Errors.
/// </summary>
public static void IgnoreBadCertificates()
{
    System.Net.ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);
}  

/// <summary>
/// In Short: the Method solves the Problem of broken Certificates.
/// Sometime when requesting Data and the sending Webserverconnection
/// is based on a SSL Connection, an Error is caused by Servers whoes
/// Certificate(s) have Errors. Like when the Cert is out of date
/// and much more... So at this point when calling the method,
/// this behaviour is prevented
/// </summary>
/// <param name="sender"></param>
/// <param name="certification"></param>
/// <param name="chain"></param>
/// <param name="sslPolicyErrors"></param>
/// <returns>true</returns>
private static bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
    return true;
}

Run Code Online (Sandbox Code Playgroud)

我必须再添加一行以使其与我的代码一起使用（我正在使用websocket4net）。System.Net.ServicePointManager.CheckCertificateRevocationList = false; 在设置服务器证书验证回调之后。 (2认同)

Answer 4

big*_*num 24

它失败的原因不是因为它没有签名,而是因为客户端不信任根证书.而不是关闭SSL验证,另一种方法是将根CA证书添加到您的应用信任的CA列表中.

这是您的应用当前不信任的根CA证书:

Run Code Online (Sandbox Code Playgroud)

您可以使用解码和查看此证书

此证书解码器或其他证书解码器

Answer 5

Roh*_*gid 8

绕过 SSL 证书....

        HttpClientHandler clientHandler = new HttpClientHandler();
        clientHandler.ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => { return true; };

        // Pass the handler to httpclient(from you are calling api)
        var client = new HttpClient(clientHandler)

Run Code Online (Sandbox Code Playgroud)

Answer 6

小智 7

在客户端配置中禁用ssl证书验证。

<behaviors>
   <endpointBehaviors>
      <behavior name="DisableSSLCertificateValidation">
         <clientCredentials>
             <serviceCertificate>
                <sslCertificateAuthentication certificateValidationMode="None" />
              </serviceCertificate>
           </clientCredentials>
        </behavior>

Run Code Online (Sandbox Code Playgroud)

Answer 7

dig*_*ogo 7

老了，但仍然有帮助...

实现相同行为的另一个好方法是通过配置文件（web.config）

 <system.net>
    <settings>
      <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
    </settings>
  </system.net>

Run Code Online (Sandbox Code Playgroud)

注意：在 .net 上进行了完整测试。

Answer 8

use*_*528 5

这段代码对我有用。我必须添加TLS2，因为这就是我感兴趣的URL。

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback +=
    (sender, cert, chain, sslPolicyErrors) => { return true; };
using (var client = new HttpClient())
{
    client.BaseAddress = new Uri(UserDataUrl);
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new
      MediaTypeWithQualityHeaderValue("application/json"));
    Task<string> response = client.GetStringAsync(UserDataUrl);
    response.Wait();

    if (response.Exception != null)
    {
         return null;
    }

    return JsonConvert.DeserializeObject<UserData>(response.Result);
}

Run Code Online (Sandbox Code Playgroud)

归档时间：	15 年，4 月前
查看次数：	182613 次
最近记录：	5 年，11 月前