WebClient忽略证书错误

WebClient忽略证书错误

本文介绍了如何使用C#2.0 WebClient忽略证书错误-没有证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

使用Visual Studio 2005-C#2.0, System.Net.WebClient.UploadData(Uri地址,字节[]数据) Windows Server 2003

Using Visual Studio 2005 - C# 2.0, System.Net.WebClient.UploadData(Uri address, byte[] data) Windows Server 2003

所以这是代码的精简版:

So here's a stripped down version of the code:

static string SO_method(String fullRequestString)
{
    string theUriStringToUse = @"https://10.10.10.10:443"; // populated with real endpoint IP:port
    string proxyAddressAndPort = @"http://10.10.10.10:80/"; // populated with a real proxy IP:port
    Byte[] utf8EncodedResponse; // for the return data in utf8
    string responseString; // for the return data in utf16

    WebClient myWebClient = new WebClient(); // instantiate a web client
    WebProxy proxyObject = new WebProxy(proxyAddressAndPort, true);// instantiate & popuylate a web proxy
    myWebClient.Proxy = proxyObject; // add the proxy to the client
    myWebClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded"); // stick some stuff in the header

    UTF8Encoding utf8Encoding = new UTF8Encoding(false);// create a utf8 encoding
    Byte[] utf8EncodedRequest = HttpUtility.UrlEncodeToBytes(fullRequestString, utf8Encoding); // convert the request data to a utf8 byte array

    try
    {
        utf8EncodedResponse = myWebClient.UploadData(theUriStringToUse, "POST", utf8EncodedRequest); // pass the utf8-encoded byte array
        responseString = utf8Encoding.GetString(utf8EncodedResponse); // get a useable string out of the response
    }
    catch (Exception e)
    {
        // some other error handling
        responseString = "<CommError><![CDATA[" + e.ToString() + "]]></CommError>";// show the basics of the problem
    }
    return responseString;// return whatever ya got
}

这是我得到的错误:

我没有太多的控制权来查看请求消失时发生的情况。有人告诉我它到达了正确的目的地,并且出现证书错误。据推测,这是因为我的请求中的IP地址与其解析的URL之间存在字面上的不匹配。我应该轮询多个IP,因此无法指定网址。我没有附上证书-端点拥有者也不应该这样做。对于每个他们,证书错误是正常的,我应该忽略它。

I don't have much control to see what's happening when the request goes out. I'm told that it's reaching the correct destination and there's a "certificate error". This is supposedly because there's a literal mismatch between the IP address in my request and the URL it resolves to. I have more than one IP I'm supposed to round-robin to so specifying the URL won't work. I'm not attaching a certificate - nor am I supposed to according to the endpoint owners. Per "them" the certificate error is 'normal and I am supposed to ignore it.

有问题的证书应该是就在那儿的众多verisign证书之一在我们的服务器上。我所看到的忽略证书错误的示例似乎都暗示请求者附加了特定的x509证书(我不是)。

The cert in question is supposedly one of the many verisign certs that is "just there" on our server. The examples I've seen for ignoring cert errors all seem to imply that the requestor is attaching a specific x509 certificate (which I'm not).

我查看了哪一种描述了我的问题-除此之外它也没有,因为我不知道我应该参考哪个证书(如果有)。

I looked over .net WebService, bypass ssl validation! which kinda-sorta describes my problem - except it also kinda-sorta doesn't because I don't know which certificate (if any) I should reference.

有没有办法让我忽略错误,而无需实际知道/关心什么证书导致了问题?

Is there a way for me to ignore the error without actually knowing/caring what certificate is causing the problem?


  • 请-戴上手套,小词和傻瓜代码,因为我并不是一个沉重的打击者。

  • and please - kid gloves, small words, and "for dummies" code as I'm not exactly a heavy hitter.

访问量已结束一条私人电话-因此我的理解是,忽略证书错误并不像打开互联网流量那么重要。

This traffic is over a private line - so my understanding is that ignoring the cert error is not as big a deal as if it were open internet traffic.

推荐答案

SSL证书用于计算机建立信任关系。如果您键入一个IP地址并最终与另一个IP地址交谈,这听起来与DNS劫持安全性故障相同,则SSL旨在帮助您避免此类事情-也许您不想忍受

The SSL certificate is for a machine to establish a trust relationship. If you type in one IP address, and end up talking to another, that sounds the same as a DNS hijack security fault, the kind of thing SSL is intending to help you avoid - and perhaps something you don't want to put up with from "them".

如果您最终可能不只是与机器交谈(理想情况下,他们会让它看起来像是一个给您看),则每个人都需要一个证书

If you may end up talking to more than machine (ideally they would make it appear as one for you), you will need a certificate for each of the possible machines to initiate trust.

要忽略信任(在开发场景中我只是不得不暂时这样做),以下代码段可能对您有用,但是我强烈建议您考虑在使用信任之前忽略信任的影响:

To ignore trust (I've only ever had to do this temporarily in development scenarios) the following snippet may work for you, but I strongly recommend you consider the impact of ignoring trust before using it:

public static void InitiateSSLTrust()
{
    try
    {
        //Change SSL checks so that all checks pass
        ServicePointManager.ServerCertificateValidationCallback =
           new RemoteCertificateValidationCallback(
                delegate
                { return true; }
            );
    }
    catch (Exception ex)
    {
        ActivityLog.InsertSyncActivity(ex);
    }
}

这篇关于如何使用C#2.0 WebClient忽略证书错误-没有证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-28 11:47