[英]The request was aborted: Could not create SSL/TLS secure channel when using X509Certificate2
[英]C# HttpClient with X509Certificate2 - WebException: The request was aborted: Could not create SSL/TLS secure channel
我正在努力实施名为Swish的支付服务,并使用本指南对其进行测试(即使文件名是瑞典语,指南也是英语)。
https://www.getswish.se/content/uploads/2015/06/Guide-Testverktyg_20151210.zip
如您所见,测试项目包含两个证书: .p12
和.pem
文件。 我尝试同时验证两者的请求。
但是,即使尝试解决方案,我也发现了此问题,但仍然遇到此问题。
如这里的建议,我实现了日志记录, 这就是结果。 由于字符限制,Pastebin链接。 我在日志中没有看到任何指向StatusCode=401
,因此我认为它不是HTTP 401 Unauthorized
。
public class PaymentRequest
{
[JsonProperty("payeePaymentReference")]
public string PayeePaymentReference { get; set; }
[JsonProperty("callbackUrl")]
public string CallbackUrl { get; set; }
[JsonProperty("payerAlias")]
public string PayerAlias { get; set; }
[JsonProperty("payeeAlias")]
public string PayeeAlias { get; set; }
[JsonProperty("amount")]
public string Amount { get; set; }
[JsonProperty("currency")]
public string Currency { get; set; }
[JsonProperty("message")]
public string Message { get; set; }
}
class Program
{
static void Main(string[] args)
{
var service = new SwishService();
var paymentRequest = new PaymentRequest();
paymentRequest.PayeePaymentReference = "0123456789";
paymentRequest.CallbackUrl = "https://example.com/api/swishcb/paymentrequests";
paymentRequest.PayerAlias = "4671234768";
paymentRequest.PayeeAlias = "1231181189";
paymentRequest.Amount = "100";
paymentRequest.Currency = "SEK";
paymentRequest.Message = "Kingston USB Flash Drive 8 GB";
service.SendPaymentRequest(paymentRequest);
}
}
public class SwishService
{
private HttpClient client;
public SwishService()
{
var baseAddress = new Uri("https://mss.swicpc.bankgirot.se");
var certHandler = new WebRequestHandler();
certHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
certHandler.UseDefaultCredentials = false;
//Same result with Swish Merchant Test Certificate 1231181189.p12 file
var certPath = $"C:\\Users\\<Path>\\Testcertifikat\\Test Swish Root CA v1 Test.pem";
var certificate = new X509Certificate2(certPath, "swish");
certHandler.ClientCertificates.Add(certificate);
client = new HttpClient(new LoggingHandler(certHandler));
client.BaseAddress = baseAddress;
client.DefaultRequestHeaders.TryAddWithoutValidation("Content-Type", "application/json");
}
public void SendPaymentRequest(PaymentRequest paymentRequest)
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;
//Code throws exception before this callback is called
ServicePointManager.ServerCertificateValidationCallback = delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
};
var content = new StringContent(JsonConvert.SerializeObject(paymentRequest), Encoding.UTF8, "application/json");
var response = client.PostAsync("/swish-cpcapi/api/v1/paymentrequests/", content).Result;
var resultStream = response.Content.ReadAsStreamAsync().Result;
var result = string.Empty;
using (var streamReader = new StreamReader(resultStream))
{
result = streamReader.ReadToEnd();
}
}
}
更新:
在Chrome中使用Postman时,我可以先在Chrome中导入证书,然后再通过“ Trusted Root Certification Authorities
”商店中的mmc
发送请求。 我还没有找到代码中的解决方案。 PS:应用程序的托管要求从文件中加载证书,而不是从证书存储中获取证书。
更新2:
具有堆栈跟踪的系统诊断日志:
找到在服务器上执行的SSL测试:
https://www.ssllabs.com/ssltest/analyze.html?d=mss.swicpc.bankgirot.se
设置完之后,一切正常:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
您可以像这样将eventHandler附加到ServicePointManager
:
ServicePointManager.ServerCertificateValidationCallback = ForcedAuthDelegate;
并且ForcedAuthDelegate
实现应返回true
以接受连接:
static bool ForcedAuthDelegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.