我正在尝试建立SSL/TLS到我的个人聊天服务器的连接。我的代码段如下
public void StartAuthentication(XMPPConnection connection)
{
NetworkStream networkStream = new NetworkStream(connection._sock);
_sslStream = new SslStream(networkStream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(ClientCertificateSelectionCallback));
X509CertificateCollection collection = new X509CertificateCollection();
collection.Add(new X509Certificate(@"D:\ca-certs\AddTrust_External_Root.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\America_Online_Root_Certification_Authority_1.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\AOL_Member_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Baltimore_CyberTrust_Root.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\CAcert_Class3.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\CAcert_Root.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Deutsche_Telekom_Root_CA_2.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\DigiCertHighAssuranceCA-3.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\DigiCertHighAssuranceEVRootCA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Entrust.net_2048.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Entrust.net_Secure_Server_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Equifax_Secure_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Go_Daddy_Class_2_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\GTE_CyberTrust_Global_Root.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Microsoft_Internet_Authority_2010.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Microsoft_Secure_Server_Authority_2010.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\StartCom_Certification_Authority.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Thawte_Premium_Server_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Thawte_Primary_Root_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\ValiCert_Class_2_VA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_Class3_Extended_Validation_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\Verisign_Class3_Primary_CA.pem"));
collection.Add(new X509Certificate(@"D:\ca-certs\VeriSign_International_Server_Class_3_CA.pem"));
try
{
_sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
现在执行程序后
_sslStream.AuthenticateAsClient("lap-020.alumnus.co.in", collection, SslProtocols.Tls, true);
主线程块。可能为此无法启动ssl握手。现在告诉我为什么是主线程块。谢谢
我对C#不太了解,但是从AuthenticateAsClient的文档中可以看出,这里期望您使用客户端证书来针对SSL服务器进行身份验证。并且这些必须具有私钥,否则您将无法使用它们。但是,用作证书的是受信任的根证书,该根证书用于检查服务器的证书以及没有私钥的位置。
也许您需要使自己更加熟悉SSL的基础知识,例如谁使用哪些证书以及为什么使用证书等。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句