C#WebSocketServer wss://连接失败
[英]C# WebSocketServer wss:// connection fail
问题描述
I've written a WebSocket Server which currently works only with ws:// connections. 
我编写了一个WebSocket服务器,该服务器当前仅与ws://连接一起使用。
Tested with http://www.websocket.org/echo.html (on Chrome) and http://websocket4net.codeplex.com/ . 经过http://www.websocket.org/echo.html (在Chrome上)和http://websocket4net.codeplex.com/进行了测试 。
Now I want to also support wss:// connections (TLS). 现在,我还希望支持wss://连接(TLS)。
I've got it to work with WebSocket4Net but when using the echo test, 我已经将其与WebSocket4Net一起使用,但是在使用回声测试时,
javascript immediately throws an exception after SslStream.AuthenticateAsServer(); javascript在SslStream.AuthenticateAsServer();之后立即引发异常SslStream.AuthenticateAsServer(); is executed in C# code. 用C#代码执行。
It does its TLS negotiation, but Chrome rejects the connection. 它进行TLS协商,但Chrome拒绝该连接。
SslStream Reads and writes (ServerSide done by AuthenticateAsServer): SslStream读写(ServerSide由AuthenticateAsServer完成):
Read(5, 0, 5) == 5
Read(517, 5, 512) == 512
Write(887, 0, 887)
Read(887, 0, 5) == 5
Read(887, 5, 262) == 262
Read(5, 0, 5) == 5
Read(6, 5, 1) == 1
Read(5, 0, 5) == 5
Read(53, 5, 48) == 48
Write(59, 0, 59)
I used the following steps to add the certificate: 我使用以下步骤添加证书:
makecert -sv CA.pvk -r -n "CN=Dev" -a sha256 -len 2048 -sky signature -cy authority CA.cer
makecert -ic CA.cer -iv CA.pvk -n "CN=localhost, CN=127.0.0.1" -a sha256 -len 2048 -sky exchange -sv CA_localhost.pvk -pe CA_localhost.cer
cert2spc CA_localhost.cer CA_localhost.spc
pvkimprt -pfx CA_localhost.spc CA_localhost.pvk //Select export
//Import CA.cer into your Computer store's Trusted Root Certification Authorities (certmgr.msc)
//Import the private key that the server is going to use into the server machine's Personal store.
//This is achieved by importing the .pfx file that you generated earlier.
SslStream created by new SslStream(new NetworkStream(clientSocket), true) 由new SslStream(new NetworkStream(clientSocket), true) SslStream创建的new SslStream(new NetworkStream(clientSocket), true)
For AuthenticateAsServer I'm using the "CA_localhost.cer" certificate. 对于AuthenticateAsServer,我使用的是“ CA_localhost.cer”证书。
After making sure the certificates are displayed in certmgr.msc I opened http://www.websocket.org/echo.html in Chrome and used wss://localhost:12345 as the address (for which my server is listening) and also checking the checkbox. 确保证书显示在certmgr.msc中之后,我在Chrome中打开了http://www.websocket.org/echo.html ,并使用wss://localhost:12345作为地址(我的服务器正在监听),并且检查复选框。
After clicking Connect I only get: 单击“ Connect我只会得到:
ERROR: undefined
DISCONNECTED
The javascript console displaying: JavaScript控制台显示:
WebSocket connection to 'wss://127.0.0.1:12345/?encoding=text' failed: Connection closed before receiving a handshake response WebSocket与'wss://127.0.0.1:12345 /?encoding = text'的连接失败:在收到握手响应之前,连接已关闭
On the serverside after AuthenticateAsServer the properties IsAuthenticated and IsEncrypted are set to true, but immediately after that I receive data of zero length, closing the connection. 在AuthenticateAsServer之后的服务器端,属性IsAuthenticated和IsEncrypted设置为true,但是此后立即收到长度为零的数据,关闭了连接。
I'm assuming I made an error during the certificate creation and/or installation but I don't know what I may have done wrong. 我假设我在证书创建和/或安装过程中出错,但是我不知道自己做错了什么。
Any ideas? 有任何想法吗?
1 个解决方案
解决方案1
0 已采纳 2014-02-26 09:23:46
After some hours of testing and giving up, I gave it another go: 经过几个小时的测试并放弃了,我还是放弃了:
It turns out (or for me at least it looks like it) that only the last common name is taken to validate against the ws-uri. 事实证明(或者至少对我而言,它看起来像这样)仅采用了姓氏来验证ws-uri。
Using wss://127.0.0.1:12345 worked. 使用wss://127.0.0.1:12345起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.