我需要升级.NET应用程序以支持在仅支持TLS 1.2的网站上调用API.根据我的阅读,如果应用程序的目标是4.6或更高,那么默认情况下它将使用TLS 1.2.
为了测试我创建了一个面向4.7的Windows窗体应用程序.不幸的是,当我没有明确设置ServicePointManager.SecurityProtocol时,它会出错.这是代码:
HttpClient _client = new HttpClient();
var msg = new StringBuilder();
// If I uncomment the next line it works, but fails even with 4.7
// ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var httpWebRequest = (HttpWebRequest)WebRequest.Create("https://sandbox.authorize.net");
httpWebRequest.KeepAlive = false;
try
{
var httpWebResponse = (HttpWebResponse) httpWebRequest.GetResponse();
msg.AppendLine("The HTTP request Headers for the first request are: ");
foreach (var header in httpWebRequest.Headers)
{
msg.AppendLine(header.ToString());
}
ResponseTextBox.Text = msg.ToString();
}
catch (Exception exception)
{
ResponseTextBox.Text = exception.Message;
if (exception.InnerException != null)
{ …我从证书服务器发给自己一个代码签名证书.我也从同一个证书服务器发给自己的根证书.根证书存在于"受信任的根证书颁发机构"文件夹中的"当前用户"和"本地计算机"证书存储中.我已使用signtool.exe向导成功签名了DLL:
"C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\signtool.exe" signwizard <MyDLLName>.dll
但是,当我尝试验证我的DLL时,它验证失败并出现以下错误:
"C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\signtool.exe" verify <MyDLLName>.dll
SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
SignTool Error: File not valid: <MyDLLName>.dll
为什么会这样?我认为在受信任的根证书颁发机构文件夹中拥有根证书将验证DLL.