当我尝试连接到 HTTPS REST 服务时,我在执行期间遇到以下错误(目前在 VS 2013 中进行单元测试):
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. Result StackTrace: at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
代码:
public class CompanyApi
{
private string _username;
private string _password;
private string _url;
public CompanyApi(string username, string password, string url)
{
_username = username;
_password = password;
_url = url;
}
public string MakeUrl(string programHostName)
{
return string.Format("https://{0}/api/v1/program/", programHostName);
}
/// <summary>Creates a basic HTTP authentication token.</summary>
protected AuthenticationHeaderValue CreateBasicCredentials()
{
string token = String.Format("{0}:{1}", _username, _password);
return new AuthenticationHeaderValue("Basic",
Convert.ToBase64String(Encoding.UTF8.GetBytes(token))
);
}
public void UserGivePoints(add_points newPointsRequest)
{
string url = MakeUrl(_url);
WebRequestHandler handler =
new WebRequestHandler
{
AllowAutoRedirect = false,
UseProxy = false
};
HttpClient client =
new HttpClient(handler)
{
BaseAddress = new Uri(url)
};
client.DefaultRequestHeaders.Authorization = CreateBasicCredentials();
// Add an Accept header for JSON format.
client.DefaultRequestHeaders.Accept.Add(
new MediaTypeWithQualityHeaderValue("application/x-javascript"));
// Create the JSON formatter.
MediaTypeFormatter jsonFormatter = new JsonMediaTypeFormatter();
// Use the JSON formatter to create the content of the request body.
HttpContent content = new ObjectContent<add_points>(newPointsRequest, jsonFormatter);
client.Timeout = new TimeSpan(0, 0, 30);
HttpResponseMessage message = client.PostAsync("user/add_points?outputFormat=JSON", content).Result;
if (message.StatusCode != HttpStatusCode.OK)
throw new Exception("Wrong result code - " + message.StatusCode);
message.EnsureSuccessStatusCode();
}
}
public class add_points
{
public string username { get; set; }
public int amount { get; set; }
public string account_name { get; set; }
public string reason { get; set; }
public add_points(string userId, int pointAmount, string account, string pointDescription)
{
username = userId;
amount = pointAmount;
account_name = account;
reason = pointDescription;
}
public add_points()
{ }
}
据我从错误中可以看出,它似乎不喜欢网站本身的证书,这是我从 Chrome 收到的警告消息:
You attempted to reach tribute.site.com.int01.site.com, but instead you actually reached a server identifying itself as *.int01.site.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of tribute.site.com.int01.site.com. You should not proceed, especially if you have never seen this warning before for this site.
我不知道如何解决这个问题,供应商向我保证许多其他人可以毫无问题地连接到 API...
有什么想法吗?
更新 2014-08-08
我加了一个
ServerCertificateValidationCallback = delegate(object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; }
WebRequestHandler 初始化代码中的行,仍然遇到同样的问题。
最佳答案
带有主机名 *.int01.site.com
的证书将只匹配 com.int01.site.com
而不是 tribute.site.com。 int01.site.com
。通配符仅在同一级别匹配。要使该证书有效,他们需要拥有能够匹配 *.*.*.int01.site.com
的 SSL 证书。
我强烈建议避免使用任何会禁用证书检查并与供应商合作以获得有效证书的代码。禁用或解决证书检查只会降低安全性。如果您真的必须禁用检查,请在发送数据之前使用证书固定来验证供应商证书。
关于api - 尝试连接到 HTTPS 时出错,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25190103/