[英]Accept self-signed TLS/SSL certificate in VB.NET
我正在寻找一种使用 VB.NET 验证(或绕过验证)自签名 SSL 证书的方法。我在 C# 中找到了执行此操作的代码,并尝试将其转换为 VB 代码,但我没有任何运气。
这是 C# 代码: How do I use WebRequest to access an SSL encrypted site using https?
这是我尝试过的:
Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates
Public Class clsSSL
Public Function AcceptAllCertifications(ByVal sender As Object, ByVal certification As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
Return True
End Function
End Class
然后在WebRequest
之前,我有这行代码给我一个错误。
ServicePointManager.ServerCertificateValidationCallback =
New System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications)
错误信息是:
委托“System.Net.Security.RemoteCertificateValidationCallback”需要一个“AddressOf”表达式或 lambda 表达式作为其构造函数的唯一参数。
在VB.Net中,你需要写
ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications
单线:
System.Net.ServicePointManager.ServerCertificateValidationCallback = _
Function(se As Object, _
cert As System.Security.Cryptography.X509Certificates.X509Certificate, _
chain As System.Security.Cryptography.X509Certificates.X509Chain, _
sslerror As System.Net.Security.SslPolicyErrors) True
这里所有的答案都盲目接受任何证书。 这是一个安全漏洞。
在实现ServicePointManager.ServerCertificateValidation
回调时,应验证证书。 例如,通过根据已知值检查证书的哈希值:
Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
ServicePointManager.ServerCertificateValidationCallback =
Function(sender As Object, certificate As X509Certificate, chain As X509Chain,
errors As SslPolicyErrors)
Return _
(errors = SslPolicyErrors.None) Or
certificate.GetCertHashString(HashAlgorithmName.SHA256).Equals(
"EB8E0B28AE064ED58CBED9DAEB46CFEB3BD7ECA67737179E3C85BC3CD09D4EEC")
End Function
对于采用HashAlgorithmName.SHA256
的X509Certificate.GetCertHashString
重载,您需要 .NET 4.8。 在旧版本上,使用返回 SHA-1 散列的无参数重载。
基于当您知道无效证书是安全的时,测试 X509Certificate.Thumbprint 属性是否安全?
对于 C# 版本的代码,请参见FtpWebRequest“根据验证程序,远程证书无效” 。
我不确定,但这应该有效:
ServicePointManager.ServerCertificateValidationCallback = _
New RemoteCertificateValidationCallback(AddressOf AcceptAllCertifications)
在 VB.Net 中,
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
解决了不太安全的应用程序问题。
在 VB.Net 中
ServicePointManager.ServerCertificateValidationCallback = Function(s, c, h, e) True
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.