I am working on making a TCP SSL server, using only .NET technology.
First, using the SSL Stream examples on here, I created the client/server code. Next, to create the certificates I used this (except for the part about registering the network service stuff... that didn't work).
The starting communication to the SSL server is working, but since I need validation of the client/server certificate files, I added this:
public static bool ValidateServerCertificate(
          object sender,
          X509Certificate certificate,
          X509Chain chain,
          SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        // Do not allow this client to communicate with unauthenticated servers.
        Console.WriteLine(" > Remote Certificate Error : {0}", sslPolicyErrors);
        return false;
    }
and this:
public static X509Certificate ValidateClientCertificate(
        object sender,
        string targetHost,
        X509CertificateCollection localCertificates,
        X509Certificate remoteCertificate,
        string[] acceptableIssuers)
    {
        Console.WriteLine(" > Client is selecting a local certificate.");
        if (acceptableIssuers != null &&
            acceptableIssuers.Length > 0 &&
            localCertificates != null &&
            localCertificates.Count > 0)
        {
            // Use the first certificate that is from an acceptable issuer.
            foreach (X509Certificate certificate in localCertificates)
            {
                string issuer = certificate.Issuer;
                if (Array.IndexOf(acceptableIssuers, issuer) != -1)
                    return certificate;
            }
        }
        if (localCertificates != null &&
            localCertificates.Count > 0)
            return localCertificates[0];
        return null;
    }
on both, server and client.
Creating the connection this way:
SslStream sslStream = new SslStream(
            client.GetStream(),
            true,
            new RemoteCertificateValidationCallback(ValidateServerCertificate),
            new LocalCertificateSelectionCallback(ValidateClientCertificate)
            );
        // The server name must match the name on the server certificate.
        try
        {
            sslStream.AuthenticateAsClient(serverName, CertColection, SslProtocols.Tls, false);
        }...(etc)...
and
SslStream flujo = new SslStream(tcpClient.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(ValidateClientCertificate));
        // Previous code: NetworkStream flujo = tcpClient.GetStream();
        // Next, try to authenticate the connection.
        Console.WriteLine(" > Autentificando");
        try
        {
           flujo.AuthenticateAsServer(certificadoServidor, false, SslProtocols.Tls, true);
        }...(etc)...
The client says "RemoteCertificateNameMismatch" and the server says "RemoteCertificateNotAvailable"
in their respective sslPolicyErrors info.
What am I doing wrong? Which step did I miss?
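A diagnostic helper for the two `sslPolicyErrors` values reported above, as an added example that is not part of the original post. `TlsPolicyDiagnostics`, `Explain` and the host name `server.example` are hypothetical; the helper is meant to be called from a `RemoteCertificateValidationCallback` to log why validation failed, using only the arguments that callback already receives.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TlsPolicyDiagnostics // hypothetical helper, not from the post
{
    // SslPolicyErrors is a [Flags] enum, so each bit is tested separately.
    // validatingClient is true when called from the server-side callback.
    public static List<string> Explain(X509Certificate cert, X509Chain chain,
        SslPolicyErrors errors, string expectedHost, bool validatingClient)
    {
        var findings = new List<string>();
        if (errors == SslPolicyErrors.None)
            findings.Add("OK: peer certificate accepted.");
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
            findings.Add(validatingClient
                ? "No client certificate arrived: check that AuthenticateAsServer is " +
                  "called with clientCertificateRequired = true and that the client " +
                  "offers a certificate that has its private key."
                : "The server sent no certificate.");
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            findings.Add(string.Format(
                "targetHost '{0}' does not match the certificate subject '{1}'.",
                expectedHost, cert == null ? "(none)" : cert.Subject));
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                findings.Add("Chain: " + s.Status + " " + s.StatusInformation.Trim());
        return findings;
    }

    static void Main()
    {
        // Constructed inputs: the two values from the post, with no certificate
        // objects so the example runs without any certificate files.
        var cases = new[]
        {
            new { Side = "client", Errors = SslPolicyErrors.RemoteCertificateNameMismatch, IsServer = false },
            new { Side = "server", Errors = SslPolicyErrors.RemoteCertificateNotAvailable, IsServer = true },
        };
        foreach (var c in cases)
            foreach (string line in Explain(null, null, c.Errors, "server.example", c.IsServer))
                Console.WriteLine(" > [{0}] {1}: {2}", c.Side, c.Errors, line);
    }
}
```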
 
         
                                         
                                         
                                         