问题描述
我正在尝试使用 SmtpClient.Send
以编程方式发送电子邮件.我目前在尝试发送电子邮件时收到 AuthenticationException
.这是因为证书验证过程失败.
I'm attempting to send emails programmatically using SmtpClient.Send
. I am currently getting an AuthenticationException
when attempting to send the email. This is because of the certificate validation procedure failing.
我知道证书是正确的,但是我也理解信任所有证书并不安全,就像这样做的建议一样
I know that the certificate is the correct one, but I also understand that it's not secure to trust all certificates much like the suggestions of doing this:
ServicePointManager.ServerCertificateValidationCallback +=
(sender, certificate, chain, sslPolicyErrors) => { return true; };
所以我想知道对已知的有效证书指纹进行 Thumbprint
的测试是否足够安全,就像这样:
So I was wondering if testing the Thumbprint
for a known valid certificate thumbprint is secure enough, like so:
ServicePointManager.ServerCertificateValidationCallback +=
(sender, certificate, chain, sslPolicyErrors) =>
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
else if (certificate.GetCertHashString().Equals("B1248012B10248012B"))
return true;
return false;
};
推荐答案
是.
指纹是证书的SHA1哈希,虽然不是绝对不可能,但很难伪造.
The thumbprint is a SHA1 hash of the certificate, and while not absolutely impossible, is extremely difficult to forge.
从技术上讲,目前尚不存在对SHA1的已知可行的第二原像攻击.
In technical terms, there are currently no known feasable second-preimage attacks on SHA1.
但是,如果有任何疑问,您可以使用指纹作为密钥来存储整个证书.然后,您可以将整个证书与您存储的受信任证书进行比较.
However, if in any doubt, you may store the whole certificate, perhaps using the fingerprint as a key. Then you can compare the whole certificate against your stored, trusted certificate.
这篇关于如果您知道无效的证书是安全的,那么测试X509Certificate.Thumbprint属性是否安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!