SSL 证书名称不匹配

发布于 2024-10-17 12:40:47 字数 3210 浏览 0 评论 0 原文

我正在致力于制作一个 TCP SSL 服务器，仅使用 .NET 技术。

首先，使用此处，创建了客户端/服务器代码，接下来，创建我使用的证书 this （除了注册网络服务的部分......不起作用）

与 SSL 服务器的启动通信正在工作，但因为我需要验证客户端/服务器证书文件，我

public static bool ValidateServerCertificate(
          object sender,
          X509Certificate certificate,
          X509Chain chain,
          SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        // Do not allow this client to communicate with unauthenticated servers.
        Console.WriteLine(" > Remote Certificate Error : {0}", sslPolicyErrors);
        return false;
    }

添加了这个：和这个：

public static X509Certificate ValidateClientCertificate(
        object sender,
        string targetHost,
        X509CertificateCollection localCertificates,
        X509Certificate remoteCertificate,
        string[] acceptableIssuers)
    {
        Console.WriteLine(" > Client is selecting a local certificate.");
        if (acceptableIssuers != null &&
            acceptableIssuers.Length > 0 &&
            localCertificates != null &&
            localCertificates.Count > 0)
        {
            // Use the first certificate that is from an acceptable issuer.
            foreach (X509Certificate certificate in localCertificates)
            {
                string issuer = certificate.Issuer;
                if (Array.IndexOf(acceptableIssuers, issuer) != -1)
                    return certificate;
            }
        }
        if (localCertificates != null &&
            localCertificates.Count > 0)
            return localCertificates[0];

        return null;
    }

在服务器和客户端上

。以这种方式创建连接：

SslStream sslStream = new SslStream(
            client.GetStream(),
            true,
            new RemoteCertificateValidationCallback(ValidateServerCertificate),
            new LocalCertificateSelectionCallback(ValidateClientCertificate)
            );
        // The server name must match the name on the server certificate.
        try
        {
            sslStream.AuthenticateAsClient(serverName, CertColection, SslProtocols.Tls, false);
        }...(etc)...

客户端

SslStream flujo = new SslStream(tcpClient.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(ValidateClientCertificate));
        //Código anterior: NetworkStream flujo = tcpClient.GetStream();
        //Continúa, intentar autentificar la conexión.

        Console.WriteLine(" > Autentificando");
        try
        {
           flujo.AuthenticateAsServer(certificadoServidor, false, SslProtocols.Tls, true);
        }...(etc)...

说：“RemoteCertificateNameMismatch” 服务器说：“RemoteCertificateNotAvailable”

在其各自的 sslPolicyErrors 信息上。

我做错了什么？我错过了哪一步？

原文

I am working on making a TCP SSL server, using only .NET technology.

First, using the SSL Stream examples on here, created the client/server code, next, to create the certificates I used this (except for the part of registering the network service stuff... didn't work)

The starting communication to the SSL Server, is working, but since i need validation of the client/server certificate files, I added this:

public static bool ValidateServerCertificate(
          object sender,
          X509Certificate certificate,
          X509Chain chain,
          SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        // Do not allow this client to communicate with unauthenticated servers.
        Console.WriteLine(" > Remote Certificate Error : {0}", sslPolicyErrors);
        return false;
    }

and this:

public static X509Certificate ValidateClientCertificate(
        object sender,
        string targetHost,
        X509CertificateCollection localCertificates,
        X509Certificate remoteCertificate,
        string[] acceptableIssuers)
    {
        Console.WriteLine(" > Client is selecting a local certificate.");
        if (acceptableIssuers != null &&
            acceptableIssuers.Length > 0 &&
            localCertificates != null &&
            localCertificates.Count > 0)
        {
            // Use the first certificate that is from an acceptable issuer.
            foreach (X509Certificate certificate in localCertificates)
            {
                string issuer = certificate.Issuer;
                if (Array.IndexOf(acceptableIssuers, issuer) != -1)
                    return certificate;
            }
        }
        if (localCertificates != null &&
            localCertificates.Count > 0)
            return localCertificates[0];

        return null;
    }

on both, server and client.

Creating the connection this way:

SslStream sslStream = new SslStream(
            client.GetStream(),
            true,
            new RemoteCertificateValidationCallback(ValidateServerCertificate),
            new LocalCertificateSelectionCallback(ValidateClientCertificate)
            );
        // The server name must match the name on the server certificate.
        try
        {
            sslStream.AuthenticateAsClient(serverName, CertColection, SslProtocols.Tls, false);
        }...(etc)...

and

SslStream flujo = new SslStream(tcpClient.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(ValidateClientCertificate));
        //Código anterior: NetworkStream flujo = tcpClient.GetStream();
        //Continúa, intentar autentificar la conexión.

        Console.WriteLine(" > Autentificando");
        try
        {
           flujo.AuthenticateAsServer(certificadoServidor, false, SslProtocols.Tls, true);
        }...(etc)...

Client says: "RemoteCertificateNameMismatch"
Server says: "RemoteCertificateNotAvailable"

on their respective sslPolicyErrors info.

What I am doing wrong?
Which step I missed?