我有 2 个由同一证书颁发机构颁发的客户端身份验证证书。其中之一使我能够连接到 HTTPS Web 服务,但当我使用类似于以下的代码时,另一个则不能:
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create( endPointUrl );
X509Store store = new X509Store( StoreName.My, StoreLocation.LocalMachine );
store.Open( OpenFlags.MaxAllowed );
X509CertificateCollection col = (X509CertificateCollection)store.Certificates.Find( X509FindType.FindBySerialNumber, certificateSerialNumber, true );
httpWebRequest.ClientCertificates.Add( col[0] );
httpWebRequest.Method = "POST";
httpWebRequest.ContentType = contentType;
httpWebRequest.KeepAlive = false;
httpWebRequest.Timeout = 3000;
httpWebRequest.ContentLength = message.Length;
httpRequestStream = httpWebRequest.GetRequestStream();
当尝试获取请求流时,我收到 InvalidOperationException 并显示消息“操作已超时”。
在尝试连接失败的证书时,我使用了 System.Net.trace,并且日志在“尝试使用用户提供的证书重新启动 session ”之前和第一个 InitializeSecurityContext 之后显示连接超时。
Wireshark 显示以下内容:
"TCP","j-link > https [SYN] Seq=0 Win=65535 Len=0 MSS=1260 SACK_PERM=1"
"TCP","https > j-link [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=1380"
"TCP","j-link > https [ACK] Seq=1 Ack=1 Win=65535 Len=0"
"TLSv1","Client Hello"
"TLSv1","Server Hello"
"TCP","[TCP segment of a reassembled PDU]"
"TCP","j-link > https [ACK] Seq=78 Ack=2521 Win=65535 Len=0"
"TLSv1","Certificate, Certificate Request, Server Hello Done"
"TCP","j-link > https [ACK] Seq=78 Ack=3187 Win=64869 Len=0"
"TCP","j-link > https [FIN, ACK] Seq=78 Ack=3187 Win=64869 Len=0"
"TCP","https > j-link [ACK] Seq=3187 Ack=79 Win=32768 Len=0"
"TLSv1","Alert (Level: Warning, Description: Close Notify)"
"TCP","j-link > https [RST, ACK] Seq=79 Ack=3194 Win=0 Len=0"
导出证书并将其转换为 PEM 格式后,我可以使用这两个证书从命令行使用 OpenSSL 进行连接。
如有任何建议,我们将不胜感激。
最佳答案
感谢Shawn's question这帮助我解决了由于连接超过 60 秒才失败而导致的超时问题。
然后我收到“请求已中止:无法创建 SSL/TLS 安全通道”。错误,已通过使用 Windows HTTP Services Certificate Configuration Tool 解决和我获得的信息here .
关于c# - SSL 握手超时,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9297390/