我需要通过https访问一个Web服务,它的证书有一些问题。在 chrome 中,它显示网站的身份已确认,但没有公开条目。
向该 URL 发出 httprequest 时,我收到错误 System.Net.WebExceptionStatus.SecureChannelFailure
"请求已中止:无法创建 SSL/TLS 安全通道。"
我尝试使用
ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;
private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
{
// If the certificate is a valid, signed certificate, return true.
if (error == System.Net.Security.SslPolicyErrors.None)
{
return true;
}
Console.WriteLine("X509Certificate [{0}] Policy Error: '{1}'",
cert.Subject,
error.ToString());
return false;
}
但是回调甚至没有命中。如果我请求不同的(有效)URL,则会命中回调。
有什么方法可以进一步调试问题吗?
下面是完整的示例代码:
private void button1_Click(object sender, EventArgs e)
{
string url = "https://domainwithsslissues.";
string method = "get";
ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;
HttpWebRequest ws = (HttpWebRequest)WebRequest.Create(url);
ws.Credentials = CredentialCache.DefaultCredentials;
ws.Method = method;
using (HttpWebResponse webResponse = (HttpWebResponse)ws.GetResponse())
{
using (Stream responseStream = webResponse.GetResponseStream())
{
using (StreamReader responseStreamReader = new StreamReader(responseStream, true))
{
string response = responseStreamReader.ReadToEnd();
Console.WriteLine(response);
responseStreamReader.Close();
}
responseStream.Close();
}
webResponse.Close();
}
}
private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
{
if (error == System.Net.Security.SslPolicyErrors.None)
{
return true;
}
Console.WriteLine("X509Certificate [{0}] Policy Error: '{1}'",
cert.Subject,
error.ToString());
return false;
}
事实证明,Web服务需要TSL 1.1.或1.2,这在.NET 4中不受支持