Using an X509 certificate for client authentication with HTTPRequest in the .Net Compact Framework

Mic*_*Fan 6 .net c# ssl compact-framework x509

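I'm working on Windows Mobile 6 and want to do client authentication when communicating with an Apache web server. I have a certificate in my local certificate store, and it should be fairly simple: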

X509Store myStore = new X509Store("MY", StoreLocation.CurrentUser);
myStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certificates = myStore.Certificates;
X509Certificate2 clientcertificate = null; // initialized so it is definitely assigned before use
foreach (X509Certificate2 certificate in certificates) {
     clientcertificate = certificate; //omitted code to validate certificate
}
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(webPage);
req.AllowWriteStreamBuffering = true;
req.AllowAutoRedirect = false;
req.Method = "POST";
req.ContentType = "text/xml";
req.Accept = "text/xml";
req.ClientCertificates.Add(clientcertificate);
Stream stream = req.GetRequestStream();
stream.Write(buffer, 0, buffer.Length);
stream.Close();

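This snippet works fine as long as I remove the line "req.ClientCertificates.Add(clientcertificate)".

Once it is inserted, I get "Could not establish secure channel for SSL/TLS". Maddeningly, when I use this exact code in the regular .Net Framework, it transmits the certificate perfectly.

Does anyone know whether this is possible in the Compact Framework? If I can't present an X509Certificate for client authentication, what other approaches should I take to make sure authentication is done properly (I should have access to CAPI or other Microsoft crypto modules)?

Thanks.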

Mic*_*Fan 1

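Good news: I solved it. It turns out this had nothing to do with the .Net Compact Framework. In CF 3.5, HTTPWebRequest.ClientCertificates is supported as long as the X509 certificate can be accessed.

The SSL handshake failed because of a trust problem with the server-side certificate. Our server certificate was self-signed, and we were using a certificate signed for the wrong URL, so the application quite rightly did not trust the server certificate it was presented with. For testing purposes we put in place a "trust all certificates" policy, which will be removed in production.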

sealed class AcceptAllCertificatePolicy : ICertificatePolicy
{
    private const uint CERT_E_UNTRUSTEDROOT = 0x800B0109;

    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate
    certificate, WebRequest request, int certificateProblem)
    {
        // Just accept.
        return true;
    }
    /*public bool CheckValidationResult(ServicePoint sp,
    X509Certificate cert, WebRequest req, int problem)
    {
        return true;  
    }*/
}

Reference it before the HTTPWebRequest:

System.Net.ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();

This resolved our SSL/TLS secure channel problem.
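A narrower test-only policy than accept-all, shown here as an added example that is not part of the original answer: it tolerates only the two problems the answer describes (untrusted root, name mismatch) and only for one pinned server certificate. The class names and the thumbprint placeholder are hypothetical, `CERT_E_CN_NO_MATCH` is the standard Windows value rather than something from the page, and `GetCertHashString()` is assumed to be available on the target framework.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Hypothetical replacement for AcceptAllCertificatePolicy (added example).
sealed class PinnedTestCertificatePolicy : ICertificatePolicy
{
    // Placeholder: SHA-1 thumbprint (hex, no spaces) of the self-signed test server certificate.
    private const string PinnedThumbprint = "REPLACE_WITH_TEST_SERVER_CERT_THUMBPRINT";

    // certificateProblem carries an HRESULT as a signed int, so cast the constants.
    private const int CERT_E_UNTRUSTEDROOT = unchecked((int)0x800B0109);
    private const int CERT_E_CN_NO_MATCH = unchecked((int)0x800B010F);

    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem)
    {
        // Normal validation succeeded: nothing to override.
        if (certificateProblem == 0)
            return true;

        if (certificate == null)
            return false;

        // Expired, revoked or otherwise broken certificates are still rejected.
        bool tolerated = certificateProblem == CERT_E_UNTRUSTEDROOT
                      || certificateProblem == CERT_E_CN_NO_MATCH;
        if (!tolerated)
            return false;

        // Override the failure only for the exact certificate we expect to see.
        return string.Equals(certificate.GetCertHashString(), PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}

static class PinnedPolicySetup
{
    // Call once before creating the HttpWebRequest.
    public static void Install()
    {
        ServicePointManager.CertificatePolicy = new PinnedTestCertificatePolicy();
    }
}
```

If this policy is left in a build by mistake, it still rejects every server certificate other than the pinned one, whereas the accept-all policy would trust any certificate presented.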