[英]Accept self-signed TLS/SSL certificate in VB.NET
I'm searching for a way to validate (or bypass validation for) self-signed SSL certificates using VB.NET. I found code to do this in C# and tried converting it into VB code, but I'm not having any luck.我正在寻找一种使用 VB.NET 验证(或绕过验证)自签名 SSL 证书的方法。我在 C# 中找到了执行此操作的代码,并尝试将其转换为 VB 代码,但我没有任何运气。
Here is the C# code: How do I use WebRequest to access an SSL encrypted site using https?这是 C# 代码: How do I use WebRequest to access an SSL encrypted site using https?
Here is what I tried:这是我尝试过的:
Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates
Public Class clsSSL
Public Function AcceptAllCertifications(ByVal sender As Object, ByVal certification As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
Return True
End Function
End Class
Then before the WebRequest
I have this line of code which gives me an error.然后在WebRequest
之前,我有这行代码给我一个错误。
ServicePointManager.ServerCertificateValidationCallback =
New System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications)
The error message is:错误信息是:
Delegate 'System.Net.Security.RemoteCertificateValidationCallback' requires an 'AddressOf' expression or lambda expression as the only argument to its constructor.委托“System.Net.Security.RemoteCertificateValidationCallback”需要一个“AddressOf”表达式或 lambda 表达式作为其构造函数的唯一参数。
在VB.Net中,你需要写
ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications
One-liner:单线:
System.Net.ServicePointManager.ServerCertificateValidationCallback = _
Function(se As Object, _
cert As System.Security.Cryptography.X509Certificates.X509Certificate, _
chain As System.Security.Cryptography.X509Certificates.X509Chain, _
sslerror As System.Net.Security.SslPolicyErrors) True
Credits to Robby Tendean 归功于 Robby Tendean
All the answers here blindly accept any certificate.这里所有的答案都盲目接受任何证书。 That's a security flaw.这是一个安全漏洞。
When implementing ServicePointManager.ServerCertificateValidation
callback one should validate the certificate.在实现ServicePointManager.ServerCertificateValidation
回调时,应验证证书。 Eg by checking certificate's hash against a known value:例如,通过根据已知值检查证书的哈希值:
Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
ServicePointManager.ServerCertificateValidationCallback =
Function(sender As Object, certificate As X509Certificate, chain As X509Chain,
errors As SslPolicyErrors)
Return _
(errors = SslPolicyErrors.None) Or
certificate.GetCertHashString(HashAlgorithmName.SHA256).Equals(
"EB8E0B28AE064ED58CBED9DAEB46CFEB3BD7ECA67737179E3C85BC3CD09D4EEC")
End Function
For the X509Certificate.GetCertHashString
overload that takes HashAlgorithmName.SHA256
, you need .NET 4.8.对于采用HashAlgorithmName.SHA256
的X509Certificate.GetCertHashString
重载,您需要 .NET 4.8。 On older versions use the parameter-less overload that returns an SHA-1 hash.在旧版本上,使用返回 SHA-1 散列的无参数重载。
Based on Is it safe to test the X509Certificate.Thumbprint property when you know an invalid certificate is safe?基于当您知道无效证书是安全的时,测试 X509Certificate.Thumbprint 属性是否安全?
For C# version of the code, see FtpWebRequest "The remote certificate is invalid according to the validation procedure" .对于 C# 版本的代码,请参见FtpWebRequest“根据验证程序,远程证书无效” 。
I'm not sure but this should work:我不确定,但这应该有效:
ServicePointManager.ServerCertificateValidationCallback = _
New RemoteCertificateValidationCallback(AddressOf AcceptAllCertifications)
http://msdn.microsoft.com/de-de/library/system.net.security.remotecertificatevalidationcallback%28VS.90%29.aspx http://msdn.microsoft.com/de-de/library/system.net.security.remotecertificatevalidationcallback%28VS.90%29.aspx
In VB.Net,在 VB.Net 中,
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
solves the less secure apps problem.解决了不太安全的应用程序问题。
In VB.Net在 VB.Net 中
ServicePointManager.ServerCertificateValidationCallback = Function(s, c, h, e) True
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.