cod*_*ape 4 .net windows ssl https ssl-certificate
案子:
现在的问题是,我们仍然在客户端上遇到相同的异常:“根据验证过程,远程证书无效。”
我的问题:
更新:我们重新启动了客户端进程,然后它可以工作。对我来说,这表明每个过程每个客户端都缓存了一些SSL服务器证书验证状态。我仍然非常想了解有关此细节的更多信息:在什么级别的堆栈上发生?WCF?。净?Windows API?缓存了多长时间?有什么办法可以调整缓存行为?我可以手动清空缓存吗?这是在某处记录的吗?
完整堆栈跟踪:
[E0]: The remote certificate is invalid according to the validation procedure.
[T0]: System.Security.Authentication.AuthenticationException at
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message,
AsyncProtocolRequest asyncRequest, Exception exception) at
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[]
buffer, AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext
executionContext, ContextCallback callback, Object state, Boolean
preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state, Boolean
preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) at
System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at
System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at
System.Net.ConnectStream.WriteHeaders(Boolean async) [E1]: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS
secure channel. [T1]: System.Net.WebException at
System.Net.HttpWebRequest.GetResponse() at
System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannel
Request.WaitForReply(TimeSpan timeout) [E2]: Could not establish trust
relationship for the SSL/TLS secure channel with authority
'***removed***'. [T2]:
System.ServiceModel.Security.SecurityNegotiationException
我遇到了同样的问题。我正在使用本地根CA证书验证TLS。如果我从存储中删除了证书,则后续请求(使用HttpWebRequest)将继续验证是否每隔几秒钟进行一次调用。但是,如果我等待了很短的时间(30-60秒),则下一个调用将失败,因为它找不到根证书。
将HttpWebRequest.KeepAlive属性设置为false以防止缓存。要获得更多控制权,您似乎必须开始反思。请参阅问题如何清除客户端.Net SSL会话缓存。