如何关闭 WCF 服务客户端的证书吊销？

发布于 2024-07-07 11:20:18 字数 74 浏览 7 评论 0原文

如何关闭 WCF 服务客户端的证书吊销？客户端代理由 wsdl.exe 生成并继承 SoapHttpClientProtocol。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

妖妓 2024-07-14 11:20:18

我认为您正在寻找 ServicePointManager.ServerCertificateValidationCallback：

http://msdn.microsoft.com /en-gb/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

它需要一个 RemoteCertificateValidationCallback 委托：

http://msdn.microsoft.com /en-gb/library/system.net.security.remotecertificatevalidationcallback.aspx

我以前从未处理过吊销的证书（我可以处理其他问题，例如过期的 SSL），但我猜你只是做类似的事情：

class Program
{
    static void Main(string[] args)
    {
        ServicePointManager.ServerCertificateValidationCallback +=
            new RemoteCertificateValidationCallback(ValidateCertificate);

        // Do WCF calls...
    }

    public static bool ValidateCertificate(object sender, X509Certificate cert, 
                              X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if(sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
        {
            foreach(X509ChainStatus chainStatus in chain.ChainStatus)
            {
                if(chainStatus.Status == X509ChainStatusFlags.Revoked)
                {
                    return true;
                }
            }
        }
        
        /* 
         WARNING!
     
         You should perform other cert validation checks here and not blindly 
         override your cert validation by returning true.

         Otherwise the secure channel between your client and service
         may not be secure.

        */

        return false;
    }
}

I think you're looking for ServicePointManager.ServerCertificateValidationCallback:

http://msdn.microsoft.com/en-gb/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

Which takes a RemoteCertificateValidationCallback Delegate:

http://msdn.microsoft.com/en-gb/library/system.net.security.remotecertificatevalidationcallback.aspx

I've never dealt with a revoked certificate before (I have hand to handle other issues such as expired SSL's), but I'm guessing you'd just do something like:

class Program
{
    static void Main(string[] args)
    {
        ServicePointManager.ServerCertificateValidationCallback +=
            new RemoteCertificateValidationCallback(ValidateCertificate);

        // Do WCF calls...
    }

    public static bool ValidateCertificate(object sender, X509Certificate cert, 
                              X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if(sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
        {
            foreach(X509ChainStatus chainStatus in chain.ChainStatus)
            {
                if(chainStatus.Status == X509ChainStatusFlags.Revoked)
                {
                    return true;
                }
            }
        }
        
        /* 
         WARNING!
     
         You should perform other cert validation checks here and not blindly 
         override your cert validation by returning true.

         Otherwise the secure channel between your client and service
         may not be secure.

        */

        return false;
    }
}

回复收藏 0 原文