堆栈内存溢出
  简体   繁体   English

接受 VB.NET 中的自签名 TLS/SSL 证书

[英]Accept self-signed TLS/SSL certificate in VB.NET

 原文  2011-05-13 21:32:28       .net/ vb.net/ ssl/ ssl-certificate

问题描述

I'm searching for a way to validate (or bypass validation for) self-signed SSL certificates using VB.NET. I found code to do this in C# and tried converting it into VB code, but I'm not having any luck.我正在寻找一种使用 VB.NET 验证(或绕过验证)自签名 SSL 证书的方法。我在 C# 中找到了执行此操作的代码,并尝试将其转换为 VB 代码,但我没有任何运气。

Here is the C# code: How do I use WebRequest to access an SSL encrypted site using https?这是 C# 代码: How do I use WebRequest to access an SSL encrypted site using https?

Here is what I tried:这是我尝试过的:

Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates

Public Class clsSSL
    Public Function AcceptAllCertifications(ByVal sender As Object, ByVal certification As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
        Return True
    End Function
End Class

Then before the WebRequest I have this line of code which gives me an error.然后在WebRequest之前,我有这行代码给我一个错误。

ServicePointManager.ServerCertificateValidationCallback =
    New System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications)

The error message is:错误信息是:

Delegate 'System.Net.Security.RemoteCertificateValidationCallback' requires an 'AddressOf' expression or lambda expression as the only argument to its constructor.委托“System.Net.Security.RemoteCertificateValidationCallback”需要一个“AddressOf”表达式或 lambda 表达式作为其构造函数的唯一参数。

6 个解决方案

解决方案1
 33 已采纳  2011-05-13 21:36:29

在VB.Net中,你需要写

ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications

解决方案2
 10  2018-03-06 08:08:00

One-liner:单线:

System.Net.ServicePointManager.ServerCertificateValidationCallback = _
  Function(se As Object, _
  cert As System.Security.Cryptography.X509Certificates.X509Certificate, _
  chain As System.Security.Cryptography.X509Certificates.X509Chain, _
  sslerror As System.Net.Security.SslPolicyErrors) True

Credits to Robby Tendean 归功于 Robby Tendean

解决方案3
 2  2021-03-10 06:36:49

All the answers here blindly accept any certificate.这里所有的答案都盲目接受任何证书。 That's a security flaw.这是一个安全漏洞。

When implementing ServicePointManager.ServerCertificateValidation callback one should validate the certificate.在实现ServicePointManager.ServerCertificateValidation回调时,验证证书。 Eg by checking certificate's hash against a known value:例如,通过根据已知值检查证书的哈希值:

Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

ServicePointManager.ServerCertificateValidationCallback =
    Function(sender As Object, certificate As X509Certificate, chain As X509Chain,
             errors As SslPolicyErrors)
        Return _
            (errors = SslPolicyErrors.None) Or
            certificate.GetCertHashString(HashAlgorithmName.SHA256).Equals(
                "EB8E0B28AE064ED58CBED9DAEB46CFEB3BD7ECA67737179E3C85BC3CD09D4EEC")
    End Function

For the X509Certificate.GetCertHashString overload that takes HashAlgorithmName.SHA256 , you need .NET 4.8.对于采用HashAlgorithmName.SHA256X509Certificate.GetCertHashString重载,您需要 .NET 4.8。 On older versions use the parameter-less overload that returns an SHA-1 hash.在旧版本上,使用返回 SHA-1 散列的无参数重载

Based on Is it safe to test the X509Certificate.Thumbprint property when you know an invalid certificate is safe?基于当您知道无效证书是安全的时,测试 X509Certificate.Thumbprint 属性是否安全?

For C# version of the code, see FtpWebRequest "The remote certificate is invalid according to the validation procedure" .对于 C# 版本的代码,请参见FtpWebRequest“根据验证程序,远程证书无效”

解决方案4
 1  2011-05-13 21:37:35

I'm not sure but this should work:我不确定,但这应该有效:

ServicePointManager.ServerCertificateValidationCallback = _
      New RemoteCertificateValidationCallback(AddressOf AcceptAllCertifications)

http://msdn.microsoft.com/de-de/library/system.net.security.remotecertificatevalidationcallback%28VS.90%29.aspx http://msdn.microsoft.com/de-de/library/system.net.security.remotecertificatevalidationcallback%28VS.90%29.aspx

解决方案5
 0  2016-07-07 02:00:57

In VB.Net,在 VB.Net 中,

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls

solves the less secure apps problem.解决了不太安全的应用程序问题。

解决方案6
 -1  2023-01-12 11:15:51

In VB.Net在 VB.Net 中

ServicePointManager.ServerCertificateValidationCallback = Function(s, c, h, e) True

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 .Net编程:在SSL自签名证书上验证什么 - .Net Programming: What to validate on an SSL self-signed certificate 通过具有自签名SSL证书的邮件服务器从.net应用程序发送电子邮件 - Sending email from a .net application via a mail server with a self-signed SSL certificate 信任自签名证书以验证服务器(Windows 上的 .NET 客户端) - Trust a self-signed certificate to authenticate a server (.NET client on Windows) 使用HttpClient信任自签名证书 - Trusting Self-Signed Certificate using HttpClient 具有相同自签名证书的多种服务 - multiple services with same self-signed certificate 即时生成自签名证书 - Generate a self-signed certificate on the fly 自签名证书是否足够安全? - Is a self-signed certificate secure enough? 如何使用X509Certificate或其他.NET类获取自签名证书的签名? - How to get the Signature of a Self-Signed Certificate using X509Certificate or other .NET Class? .NET不信任我的自签名证书,但IE确实如此? - .NET doesn't trust my self-signed certificate, but IE does? 使用.NET Standard 2.0生成自签名X509Certificate2 - Generate self-signed X509Certificate2 using .NET Standard 2.0
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM