根据验证过程,远程证书无效

运行下面的代码,我得到一个异常:

using (var client = new Pop3Client())
{
client.Connect(provider.ServerWithoutPort, provider.Port, true);
}

我得到的例外:

The remote certificate is invalid according to the validation procedure.




at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl, Int32 receiveTimeout, Int32 sendTimeout, RemoteCertificateValidationCallback certificateValidator)
at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl)
at Ugi.Server.Sources.Logic.SourcesService.IsValidPop3Connection(String email, String emailPassword) in C:\Users\elad\Documents\Visual Studio 2010\Projects\SVN\UGI\Ugi\Server\Sources\Logic\SourcesService.cs:line 246
248255 次浏览
小开
最佳答案

出现这种情况通常是因为以下两种情况之一是正确的:

  • 证书是自签名的,不作为受信任证书添加。
  • 证书过期了。
  • 该证书由一个未安装在您的计算机上的根证书签名。
  • 证书使用服务器的完全限定域地址进行签名。意思是: 不能使用“ xyzServerName”,而必须使用“ xyzServerName.ad.state.fl.us”,因为就 SSL 证书而言,这基本上就是服务器名称。
  • 探测到撤销列表,但无法找到/使用。
  • 证书是通过中间 CA 证书签名的,服务器不提供中间证书和主机证书。

尝试获取有关服务器证书的一些信息,并查看是否需要在客户机上安装任何特定的证书才能使其工作。

小开

.NET 在连接的另一端看到一个无效的 SSL 证书。有一个解决方案,但显然不推荐用于生产代码:

// Put this somewhere that is only once - like an initialization method
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);
...


static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
return true;
}
小开

Dominic Zukiewicz 给出了更简短的解决方案:

ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;

但这意味着您将信任所有证书。对于不仅仅在本地运行的服务,需要一些更智能的东西。在第一个实例中,您可以使用这段代码来测试它是否解决了您的问题。

小开

我在测试一个项目时遇到了同样的问题,结果发现运行 Fiddler 是导致这个错误的原因。.!!

如果您使用 Fiddler 拦截 http 请求,请关闭它..。

这是造成这种错误的众多原因之一。

要修复 Fiddler,您可能需要 重置 Fiddler Https 证书

小开

试着在发送电子邮件之前放置这个

ServicePointManager.ServerCertificateValidationCallback =
delegate(object s, X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors) { return true; };

记住添加使用库!

小开

必须检查证书哈希代码。

ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain,
errors) =>
{
var hashString = certificate.GetCertHashString();
if (hashString != null)
{
var certHashString = hashString.ToLower();
return certHashString == "dec2b525ddeemma8ccfaa8df174455d6e38248c5";
}
return false;
};

提交答案