在服务器上更改SSL证书是否会破坏代码?
[英]Does changing SSL Cert on a server break code?
问题描述
EDIT: What should I use to catch the error? 
编辑:我应该用什么来捕捉错误?
I have this where it fails to connect for an error message and defaults to a generic message. 我有它无法连接到错误消息的地方,并且默认为通用消息。
public string ResponseError {
get {
string retVal = "";
try {
retVal = xmlElements.GetElementValue( FullResponse, "/VancoWS/Response/Errors/Error/ErrorDescription" );
} catch {
retVal = "There has been a problem processing your request. Please try again!";
}
return retVal;
}
}
A payment gateway said they made a change to their SSL Cert and since then our web application has not made a successful connection. 支付网关表示,他们更改了其SSL证书,此后,我们的Web应用程序未建立成功的连接。 The code was written in VS.NET 2008 .NET 3.5 I believe in C#. 该代码是用VS.NET 2008 .NET 3.5编写的,我相信使用C#。 From what I can tell this looks like the code making the connection: 据我所知,这看起来像建立连接的代码:
/* Method to perform web post */
private void SendBuffer(string strXml, out string fullResponse, out bool success)
{
String BaseAddress = Url + "?xml=";
try
{
System.Net.WebClient objRequest = new System.Net.WebClient();
objRequest.Encoding = System.Text.Encoding.ASCII;
byte[] buffer = System.Text.Encoding.ASCII.GetBytes(strXml);
byte[] responseBuffer = objRequest.UploadData(BaseAddress, "POST", buffer);
fullResponse = System.Text.Encoding.ASCII.GetString(responseBuffer);
success = true;
}
catch (Exception ex)
{
fullResponse = ex.ToString();
success = false;
}
}
The payment gateway says they are not getting any connections from our server to theirs. 付款网关说他们没有从我们的服务器获得任何连接。 I contacted out webhost and they said they have not changed anything to block connections. 我联系了网络托管服务商,他们说他们没有做任何更改来阻止连接。
The host says they could access the URL fine with no invalid certificate. 主持人说,他们可以在没有无效证书的情况下正常访问URL。
URL in question: https://www.vancoservices.com/cgi-bin/ws2.vps 有问题的网址: https : //www.vancoservices.com/cgi-bin/ws2.vps
They also are still running SSLv3 so it's not a problem with protocol change or being forced to TLS 1.x 他们还仍在运行SSLv3,因此协议更改或强制使用TLS 1.x都不成问题。
Any ideas as to what would break this? 有什么想法可以解决这个问题吗?
3 个解决方案
解决方案1
3 已采纳 2014-10-15 21:05:10
Looks like they have set up a certificate which is either not signed by a valid authority or your web server doesn't have the authority that signed this certificate in its trusted CA. 看起来他们已经设置了未由有效授权机构签名的证书,或者您的Web服务器没有在受信任的CA中对该证书进行签名的授权机构。
To understand whether it is a problem with the certificate you may try connecting to the webserver that is executing this code, opening a webbrowser and attempting to connect to the address. 要了解证书是否存在问题,您可以尝试连接到正在执行此代码的Web服务器,打开Web浏览器,然后尝试连接到该地址。 The browser will tell you whether the certificate is valid or not (probably you will get a warning if it is not). 浏览器将告诉您证书是否有效(如果证书无效,您可能会收到警告)。
If you want to disable certificate validations in your code you may try the following: 如果要在代码中禁用证书验证,则可以尝试以下操作:
System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
Obviously this is not something you wanna be doing with a Production system, but you could just experiment with it to know whether it is a problem with the SSL certificate they set up and if it is self signed. 显然,这不是您要在生产系统上要做的事情,但是您可以尝试使用它来了解他们设置的SSL证书是否有问题以及它是否是自签名的。
解决方案2
1 2014-10-15 20:56:32
The "try" clause around the code is hiding any errors that are happening. 代码周围的“ try”子句隐藏了所有正在发生的错误。 One thing you could try is commenting out the try statement allowing the code to break and fall over with an error: 您可以尝试做的一件事是注释掉try语句,以使代码因错误而中断和崩溃:
// try
{
...
}
or add a catch clause: 或添加一个catch子句:
try
{
...
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
解决方案3
1 2014-10-15 20:58:48
just add the following to your config and change the log file path. 只需将以下内容添加到您的配置并更改日志文件路径。 this will give a sense if handshake/validation for cert is happening 如果正在进行握手/验证,这将给人一种感觉
http://msdn.microsoft.com/en-us/library/ty48b824(v=vs.110).aspx http://msdn.microsoft.com/zh-CN/library/ty48b824(v=vs.110).aspx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.