weixin_39958248
2021-01-11 11:48

Using SslStream to make an ALPN connection - confusion over parameters to use.

commented on Mon Mar 19 2018

I've updated to the .NET Core 2.1 preview in order to make an SSL connection. Our server requires an ALPN negotiation to occur. As I understand it, the preview is the first version of .NET Core to support ALPN.

Here is essentially what I'm doing:

 
TcpClient tcpClient = new TcpClient();
tcpClient.Connect(ProxyClient.TestUbuntuHost, ProxyClient.TestUbuntuPort);
var stream = tcpClient.GetStream();
SslStream sslStream = new SslStream(stream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate));

X509Certificate2 certificate = new X509Certificate2(@"<a filename provided>");
X509Certificate2Collection certColl = new X509Certificate2Collection(certificate);
sslStream.AuthenticateAsClient(
    ProxyClient.TestUbuntuHost,
    certColl,
    SslProtocols.Tls11 | SslProtocols.Tls12, false);

The ValidateServerCertificate looks like this:


public static bool ValidateServerCertificate(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    if (sslPolicyErrors == SslPolicyErrors.None)
        return true;

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

    // Do not allow this client to communicate with unauthenticated servers.
    return false;
}

I get this error whether or not I pass that 3rd param to the SslStream constructor:

System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Can you shed some light on whether I need to do something else to enforce the ALPN negotiation?

Thanks, Bob
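
Added example (not part of the original post and not code from dotnet/runtime): offering ALPN from an SslStream client on .NET Core 2.1 or later through SslClientAuthenticationOptions.ApplicationProtocols, then reading back what the server selected. The host, port, certificate path and the "h2" protocol are placeholder assumptions; the validation callback keeps the post's reject-on-error policy and only adds chain logging.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;

class AlpnClient
{
    // Assumed placeholders: replace with the real server, port and client certificate file.
    const string Host = "server.example";
    const int Port = 443;
    const string ClientCertPath = "client.pfx";

    static async Task Main() // async Main needs C# 7.1 or later
    {
        using (var tcp = new TcpClient())
        {
            await tcp.ConnectAsync(Host, Port);
            // No callback in the constructor: it is supplied once, through the options below.
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                var options = new SslClientAuthenticationOptions
                {
                    TargetHost = Host, // must match a name in the server certificate
                    ClientCertificates = new X509CertificateCollection { new X509Certificate2(ClientCertPath) },
                    EnabledSslProtocols = SslProtocols.Tls12,
                    // ALPN offer; "h2" is an assumption, list the protocol the server expects.
                    ApplicationProtocols = new List<SslApplicationProtocol> { SslApplicationProtocol.Http2 },
                    RemoteCertificateValidationCallback = Validate
                };
                await ssl.AuthenticateAsClientAsync(options, CancellationToken.None);
                Console.WriteLine("Negotiated ALPN protocol: {0}", ssl.NegotiatedApplicationProtocol);
            }
        }
    }

    // Rejects on any policy error, as in the post, and logs why the chain failed.
    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.WriteLine("Certificate error: {0}", errors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain status: {0} {1}", s.Status, s.StatusInformation);
        return false;
    }
}
```

ALPN is carried in the handshake's hello messages, while the AuthenticationException quoted in the post is raised by certificate validation, so the logged policy errors and chain status are the place to look for its cause.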

This question comes from the open-source project: dotnet/runtime

22 answers