[英]C# SSLStream Read Function Throws IOException
我正在尝试创建自己的 HTTPS 代理服务器。 出于某种原因,当我尝试从 sslstream 对象读取时出现异常。 这是它:
System.dll 中发生类型为“System.IO.IOException”的未处理异常
附加信息:无法从传输连接中读取数据:连接尝试失败,因为连接方在一段时间后没有正确响应,或者由于连接的主机未能响应而建立的连接失败。
这是我的代码:
public Server()
{
m_portnumber = 4434;
m_tcplistener = new TcpListener(IPAddress.Any, m_portnumber);
m_cert = createCertificate();
}
public void start()
{
m_tcplistener.Start();
while (true)
{
TcpClient client = m_tcplistener.AcceptTcpClient();
ClientHandler(client);
}
}
private void ClientHandler(TcpClient client)
{
// A client has connected. Create the
// SslStream using the client's network stream.
SslStream sslStream = new SslStream(
client.GetStream(), false);
// Authenticate the server but don't require the client to authenticate.
try
{
sslStream.AuthenticateAsServer(m_cert,
false, SslProtocols.Tls, true);
// Display the properties and settings for the authenticated stream.
DisplaySecurityLevel(sslStream);
DisplaySecurityServices(sslStream);
DisplayCertificateInformation(sslStream);
DisplayStreamProperties(sslStream);
// Set timeouts for the read and write to 5 seconds.
sslStream.ReadTimeout = 5000;
sslStream.WriteTimeout = 5000;
// Read a message from the client.
Console.WriteLine("Waiting for client message...");
string messageData = ReadMessage(sslStream);
Console.WriteLine("Received: {0}", messageData);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
sslStream.Close();
client.Close();
return;
}
finally
{
// The client stream will be closed with the sslStream
// because we specified this behavior when creating
// the sslStream.
sslStream.Close();
client.Close();
}
}
static string ReadMessage(SslStream sslStream)
{
// Read the message sent by the server.
// The end of the message is signaled using the
// "<EOF>" marker.
byte[] buffer = new byte[2048];
StringBuilder messageData = new StringBuilder();
int bytes = -1;
do
{
bytes = sslStream.Read(buffer, 0, buffer.Length);
// Use Decoder class to convert from bytes to UTF8
// in case a character spans two buffers.
Decoder decoder = Encoding.UTF8.GetDecoder();
char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
decoder.GetChars(buffer, 0, bytes, chars, 0);
messageData.Append(chars);
// Check for EOF.
if (messageData.ToString().IndexOf("<EOF>") != -1)
{
break;
}
} while (bytes != 0);
return messageData.ToString();
}
static void DisplaySecurityLevel(SslStream stream)
{
Console.WriteLine("Cipher: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
Console.WriteLine("Hash: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
Console.WriteLine("Protocol: {0}", stream.SslProtocol);
}
static void DisplaySecurityServices(SslStream stream)
{
Console.WriteLine("Is authenticated: {0} as server? {1}", stream.IsAuthenticated, stream.IsServer);
Console.WriteLine("IsSigned: {0}", stream.IsSigned);
Console.WriteLine("Is Encrypted: {0}", stream.IsEncrypted);
}
static void DisplayStreamProperties(SslStream stream)
{
Console.WriteLine("Can read: {0}, write {1}", stream.CanRead, stream.CanWrite);
Console.WriteLine("Can timeout: {0}", stream.CanTimeout);
}
static void DisplayCertificateInformation(SslStream stream)
{
Console.WriteLine("Certificate revocation list checked: {0}", stream.CheckCertRevocationStatus);
X509Certificate localCertificate = stream.LocalCertificate;
if (stream.LocalCertificate != null)
{
Console.WriteLine("Local cert was issued to {0} and is valid from {1} until {2}.",
localCertificate.Subject,
localCertificate.GetEffectiveDateString(),
localCertificate.GetExpirationDateString());
}
else
{
Console.WriteLine("Local certificate is null.");
}
// Display the properties of the client's certificate.
X509Certificate remoteCertificate = stream.RemoteCertificate;
if (stream.RemoteCertificate != null)
{
Console.WriteLine("Remote cert was issued to {0} and is valid from {1} until {2}.",
remoteCertificate.Subject,
remoteCertificate.GetEffectiveDateString(),
remoteCertificate.GetExpirationDateString());
}
else
{
Console.WriteLine("Remote certificate is null.");
}
}
private static void DisplayUsage()
{
Console.WriteLine("To start the server specify:");
Console.WriteLine("serverSync certificateFile.cer");
Environment.Exit(1);
}
private X509Certificate createCertificate()
{
byte[] c = Certificate.CreateSelfSignCertificatePfx(
"CN=localhost", //host name
DateTime.Parse("2015-01-01"), //not valid before
DateTime.Parse("2020-01-01"), //not valid after
"sslpass"); //password to encrypt key file
using (BinaryWriter binWriter = new BinaryWriter(File.Open(@"cert.pfx", FileMode.Create)))
{
binWriter.Write(c);
}
return new X509Certificate2(@"cert.pfx", "sslpass");
}
}
这不是 SSL 错误,而是 TCP 错误。 您正在连接到未侦听的 ip/端口对。 是一个主动拒绝,所以它不像你到达 IP 并告诉你没有端口。 是超时,这可能意味着无效的 IP 或目标的防火墙(故意)忽略您。
我的第一个怀疑是行m_portnumber = 4434;
. 这是一个不寻常的端口号。 您确定不是打字错误,并且您想要 HTTPS 常用端口 (443) 吗? 如果你真的是 4434,你需要检查网络连接。 确保 IP 正确解析、可访问、目标正在侦听并且防火墙允许您进入。
我猜上面的代码取自https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream?view=net-5.0
在其中一台 Windows 机器(Win10 1809)上遇到类似的 ReadMessage(SslStream sslStream) 问题。
这里有两点需要注意:
sslStream.Read 将读取经过身份验证的网络流中的所有内容,包括 Header 和 Body。 所以你有责任解析两者并循环出来。
在我的情况下,机器从流中读取需要很长时间(超过 5 秒)。 所以我不得不删除时间读取超时。 在这里
sslStream.ReadTimeout = 5000;
\\\\ 默认情况下它是无限的
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.