如何在ssl时忽略证书检查

我试图find一种方法来忽略证书检查时请求一个Https资源,到目前为止,我在互联网上find了一些有用的文章。

但是我仍然有一些问题。 请查看我的代码。 我只是不明白代码ServicePointManager.ServerCertificateValidationCallback是什么意思。

什么时候可以调用这个委托方法? 还有一个问题,我应该在哪个地方写这个代码? 在ServicePointManager.ServerCertificateValidationCallback Stream stream = request.GetRequestStream()之前执行ServicePointManager.ServerCertificateValidationCallback之前吗?

请帮助我,谢谢。

 public HttpWebRequest GetRequest() { CookieContainer cookieContainer = new CookieContainer(); // Create a request to the server HttpWebRequest request = (HttpWebRequest)WebRequest.Create(_remoteUrl); #region Set request parameters request.Method = _context.Request.HttpMethod; request.UserAgent = _context.Request.UserAgent; request.KeepAlive = true; request.CookieContainer = cookieContainer; request.PreAuthenticate = true; request.AllowAutoRedirect = false; #endregion // For POST, write the post data extracted from the incoming request if (request.Method == "POST") { Stream clientStream = _context.Request.InputStream; request.ContentType = _context.Request.ContentType; request.ContentLength = clientStream.Length; ServicePointManager.ServerCertificateValidationCallback = delegate( Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors) { return (true); }; Stream stream = request.GetRequestStream(); .... } .... return request; } } 

由于只有一个全局ServicePointManager ,因此设置ServicePointManager.ServerCertificateValidationCallback将产生所有后续请求将inheritance此策略的结果。 由于这是一个全局“设置”,因此最好将它设置在Global.asax中的Application_Start方法中。

设置callback将覆盖默认行为,您可以自己创build自定义validation例程。

对于任何希望在每个请求的基础上应用此解决scheme的人,这是一个选项,并使用Lambdaexpression式。 相同的Lambdaexpression式也可以应用于blak3r提到的全局filter。 此方法似乎需要.NET 4.5。

 String url = "https://www.stackoverflow.com"; HttpWebRequest request = HttpWebRequest.CreateHttp(url); request.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true; 

在.NET 4.0中,Lambdaexpression式可以像这样应用于全局filter

 ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true; 

这对我工作:

 System.Net.ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { return true; // **** Always accept }; 

从这里摘录: http : //www.west-wind.com/weblog/posts/2011/Feb/11/HttpWebRequest-and-Ignoring-SSL-Certificate-Errors

还有一个简短的代表解决scheme:

 ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; 

已经提到.NET 4.5之前访问其ServicePointManager的请求的属性不可用。

这里是.NET 4.0代码,可以让你访问ServicePoint的每个请求的基础上。 它不允许你访问每个请求的callback,但它应该让你find更多关于这个问题的细节。 只要访问scvPoint.Certificate (或者ClientCertificate如果你喜欢)属性。

 WebRequest request = WebRequest.Create(uri); // oddity: these two .Address values are not necessarily the same! // The service point appears to be related to the .Host, not the Uri itself. // So, check the .Host vlaues before fussing in the debugger. // ServicePoint svcPoint = ServicePointManager.FindServicePoint(uri); if (null != svcPoint) { if (!request.RequestUri.Host.Equals(svcPoint.Address.Host, StringComparison.OrdinalIgnoreCase)) { Debug.WriteLine(".Address == " + request.RequestUri.ToString()); Debug.WriteLine(".ServicePoint.Address == " + svcPoint.Address.ToString()); } Debug.WriteLine(".IssuerName == " + svcPoint.Certificate.GetIssuerName()); } 

基于Adam的回答和Rob的评论,我使用了这个:

 ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => certificate.Issuer == "CN=localhost"; 

它在一定程度上过滤了“忽略”。 其他发行人可以根据需要添加。 这是在.NET 2.0中testing的,因为我们需要支持一些遗留代码。

顺便说一下,这是closures给定的应用程序中的所有证书validation的最简单的方法,我知道:

ServicePointManager.ServerCertificateValidationCallback =(a,b,c,d)=> true;

添加到Sani和blak3r的答案,我已经添加到我的应用程序的启动代码,但在VB中:

 '** Overriding the certificate validation check. Net.ServicePointManager.ServerCertificateValidationCallback = Function(sender, certificate, chain, sslPolicyErrors) True 

似乎要做的伎俩。

我有同样的问题,所以我创build了一个类,而不是帮助我的代码。 但是使用一个HttpClient:

https://github.com/PicolotoLF/IgnoresSSL

例:

 public async Task DoRequest() { IgnoreSSL Client = new IgnoreSSL(); var client = Client.IgnoreSSLA(); //NOTE(picoloto): Use how a HttpClient var response = await client.GetAsync(URL) }