C# 根据验证程序,远程证书无效
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9983265/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
The remote certificate is invalid according to the validation procedure
提问by Elad Benda
Running the following code, I get an exception:
运行以下代码,我得到一个异常:
using (var client = new Pop3Client())
{
client.Connect(provider.ServerWithoutPort, provider.Port, true);
}
The Exception I get:
我得到的异常:
The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl, Int32 receiveTimeout, Int32 sendTimeout, RemoteCertificateValidationCallback certificateValidator)
at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl)
at Ugi.Server.Sources.Logic.SourcesService.IsValidPop3Connection(String email, String emailPassword) in C:\Users\elad\Documents\Visual Studio 2010\Projects\SVN\UGI\Ugi\Server\Sources\Logic\SourcesService.cs:line 246
采纳答案by Anders Abel
This usually occurs because either of the following are true:
这通常是因为以下任一情况为真:
- The certificate is self-signed and not added as a trusted certificate.
- The certificate is expired.
- The certificate is signed by a root certificate that's not installed on your machine.
- The certificate is signed using the fully qualified domain address of the server. Meaning: cannot use "xyzServerName" but instead must use "xyzServerName.ad.state.fl.us" because that's basically the server name as far as the SSL cert is concerned.
- A revocation list is probed, but cannot be found/used.
- The certificate is signed via intermediate CA certificate and server does not serve that intermediate certificate along with host certificate.
- 该证书是自签名的,不会作为受信任的证书添加。
- 证书已过期。
- 该证书由未安装在您的计算机上的根证书签名。
- 该证书使用服务器的完全限定域地址进行签名。含义:不能使用“xyzServerName”,而必须使用“xyzServerName.ad.state.fl.us”,因为就 SSL 证书而言,这基本上是服务器名称。
- 已探测撤销列表,但无法找到/使用。
- 该证书是通过中间 CA 证书签名的,服务器不提供该中间证书和主机证书。
Try getting some information about the certificate of the server and see if you need to install any specific certs on your client to get it to work.
尝试获取有关服务器证书的一些信息,并查看是否需要在客户端上安装任何特定证书才能使其正常工作。
回答by Dominic Zukiewicz
.NET is seeing an invalid SSL certificate on the other end of the connection. There is a workaround for it, but obviously not recommended for production code:
.NET 在连接的另一端看到无效的 SSL 证书。有一个解决方法,但显然不推荐用于生产代码:
// Put this somewhere that is only once - like an initialization method
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);
...
static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
return true;
}
回答by brimble2010
Even shorter version of the solution from Dominic Zukiewicz:
来自 Dominic Zukiewicz 的更短版本的解决方案:
ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;
But this means that you will trust all certificates. For a service that isn't just run locally, something a bit smarter will be needed. In the first instance you could use this code to just test whether it solves your problem.
但这意味着您将信任所有证书。对于不只是在本地运行的服务,需要一些更智能的东西。在第一种情况下,您可以使用此代码来测试它是否解决了您的问题。
回答by stackunderflow
I had the same problem while I was testing a project and it turned that running Fiddler was the cause for this error..!!
我在测试项目时遇到了同样的问题,结果发现运行 Fiddler 是导致此错误的原因..!!
If you are using Fiddler to intercept the http request, shut it down ...
如果您使用 Fiddler 拦截 http 请求,请将其关闭...
This is one of the many causes for such error.
这是导致此类错误的众多原因之一。
To fix Fiddler you may need to Reset Fiddler Https Certificates.
要修复 Fiddler,您可能需要重置 Fiddler Https 证书。
回答by pedrozza
Try put this before send e-mail
尝试在发送电子邮件之前放这个
ServicePointManager.ServerCertificateValidationCallback =
delegate(object s, X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors) { return true; };
Remenber to add the using libs!
记得添加使用库!
回答by Saeid
You must check the certificate hash code.
您必须检查证书哈希码。
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain,
errors) =>
{
var hashString = certificate.GetCertHashString();
if (hashString != null)
{
var certHashString = hashString.ToLower();
return certHashString == "dec2b525ddeemma8ccfaa8df174455d6e38248c5";
}
return false;
};
