本文介绍了解决使用HTTPWebRequest访问HTTPS网站时出现的信任关系错误的方法。提供了.NET1.1和.NET2.0两种环境下通过修改证书验证回调来绕过SSL证书验证的具体实现。
今天,有个网友问我:
用httpwebrequest访问一个SSL类型的地址 https://xxxx 时,报错 “未能为 SSL/TLS 安全通道建立信任关系(Could not establish trust relationship for the SSL/TLS secure channel)”
查了下MSDN,找到了解决方法,SSL网站,连接时需要提供证书,对于非必须提供客户端证书的情况,只要返回一个安全确认 即可。但是此方法的实现,在.NET 1.1 和 .NET 2.0 下是不同的,下面写出2个framework版本下的实现方法:
使用的命名空间:
using System . Net ; using System . Net . Security ; using System . Security . Authentication ; using System . Security . Cryptography . X509Certificates ;
.Net 2.0
public bool CheckValidationResult ( object sender , X509Certificate certificate , X509Chain chain , SslPolicyErrors errors ) { //直接确认,否则打不开 return true ; } private void button1_Click ( object sender , EventArgs e ) { ServicePointManager . ServerCertificateValidationCallback = new System . Net . Security . RemoteCertificateValidationCallback ( CheckValidationResult ); HttpWebRequest req = ( HttpWebRequest ) WebRequest . CreateDefault ( new Uri ( "https://zu14.cn/" )); req . Method = "GET" ; HttpWebResponse res = ( HttpWebResponse ) req . GetResponse (); //...正常使用了,和访问普通的 http:// 地址一样了 }
.Net 1.1
internal class AcceptAllCertificatePolicy : ICertificatePolicy { public AcceptAllCertificatePolicy () { } public bool CheckValidationResult ( ServicePoint sPoint , System . Security . Cryptography . X509Certificates . X509Certificate cert , WebRequest wRequest , int certProb ) { //直接确认 return true ; } } private void button1_Click ( object sender , EventArgs e ) { ServicePointManager . CertificatePolicy = new AcceptAllCertificatePolicy() ; HttpWebRequest req = ( HttpWebRequest ) WebRequest . CreateDefault ( new Uri ( "https://zu14.cn/" )); req . Method = "GET" ; HttpWebResponse res = ( HttpWebResponse ) req . GetResponse (); //...正常使用了,和访问普通的 http:// 地址一样了 }
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
